I was wondering if there is an “easy” way to protect a file from begin access from all domains…
Let say that I want only a few domains to use my script so they put in their HTML
From domain yourdomain.com you write
If your domain is in our “allow” access then you can use it, if not, then show an error or just nothing…
Is that possible with PHP?
Or do I have to use .htaccess ?
Probably the most straight forward way is to use a .htaccess file. These files typically take IP address and not domains. The code below would only allow from 1.1.1.1 and 2.2.2.2 and anything else would be denied.
<Limit GET POST>
order deny,allow
deny from all
allow from 1.1.1.1
allow from 2.2.2.2
</Limit>
Related
I am trying to secure access to a PHP page in a folder and only allow access to it from a specific IP Address and domain name but only on a specific port. I have seen a number of questions here but not including the PORT access.
I have added the following in the .htaccess file within the folder.
order allow,deny
deny from all
allow from 111.222.333.44:12345
However, this seems to be invalid.
What would be the correct way of doing it?
I know direct URL access can be prevented via .htaccess rules but I don't know much about meta-chars or escaping.
these are the files in my xammp/htdocs folder, accessed using
localhost:
index.php
createScheme.php
several someother.php
I want direct access to be enabled only for index.php and createScheme.php and all others pages should be blocked against direct access.
Please help!
This .htaccess file will only allow users to open index.php. Attempts to access any other files will result in a 403-error.
Order deny,allow
Deny from all
<Files "index.php">
Allow from all
</Files>
If you also want to use authentication for some of the files, you may simply add the content from your current file at the end of my example.
I have a question regarding the web application security. I would like to ask you how can I hide a specific folder of my website (in this case the admin) from the public. The admin should be accessible only from two or three IPs.
The admin will be visible as following:
www.mysite.com /admin
Thanks
You can create an .htaccess file and write
order deny,allow
deny from all
allow from YOUR_IP #Replace YOUR_IP with the IP you want to allow
allow from YOUR_IP
That's about accessing, if you want to hide the file structure, than use
IndexIgnore *
Combine a Directory directive with standard access control.
<Directory /var/www/admin>
Order deny,allow
Deny from all
Allow from 10.10.10.10
Allow from 10.10.10.11
</Directory>
I am creating RESTful web services, but I want to protect those web services and want to give access to specific domain names. I have achieved that by following code in PHP:
$allowed_hosts = array("domain1.com", "domain2.com", "domain3.com");
if (!in_array(strtolower($_SERVER["HTTP_HOST"]), $allowed_hosts))
die ("Unknown host name ". $_SERVER["HTTP_HOST"]);
I would like to know that is this the correct approach to restrict the access?
<Files "admin.php">
Order deny,allow
Deny from all
Allow from .*domain1\.com.*
Allow from .*domain2\.com.*
</Files>
put this in your .htaccess file so it will proved access to the admin.php file only from domain1.com and domain2.com
i want to protect some folders from a normal user but i (from localhost or my IP address) m unable to see the folder structure...so i do this
write a .htaccess file in that folder(eg.project/cms/js) and write below code
# no nasty crackers in here!
order deny,allow
deny from all
allow from 192.168.1.7
but by using this prohibit to everyone( including me) to see that folder structure.....
how do i protect that folder from other users except myself?
I think you got the allow and deny the wrong way around:
order allow,deny
allow from 192.168.1.7
deny from all
which first processes all the allow statements and next the deny statements.
I just checked, your above example works fine for me on my Apache 2.
Make sure your IP really is 192.168.1.7. Note that if it's the local machine you're trying to access, your IP will be 127.0.0.1.