Hi guys,

I have been banging my head against this for days now but I can not see where I have gone wrong.

There is an offline version of my website for testing which should only be accessible from within the VPN 1.2.3.x. However it is accessible from anywhere, obviously this is not good.

Secondly we have a .SWF file which we need to connect to, but when we try to access it I get denied regardless of how I connect to it:

/var/log/httpd-error.log

[error] [client EXTERNAL.IP] client denied by server configuration: /usr/local/www/apache22/errors/autherror.html

I have confirmed that both the live and test dirs are chowned and chmodded the same as are the .swf files and their directory but the live site has no issues, the test site clearly does :(


I have currently set the following configuration:

httpd.conf

<Directory "/usr/local/www/apache22/test/">
 Order Deny,Allow
 Deny from all
 Allow from 1.2.3.0/24
</Directory>

extra/httpd-vhosts.conf

<VirtualHost *:80>
 DocumentRoot "/usr/local/www/apache22/test"
 ServerName test.website.com
 ServerAlias test.website.com
</VirtualHost>

test/.htaccess

AddType video/x-flv .flv
AddType application/x-shockwave-flash .swf
AddType image/x-icon .ico
AddDefaultCharset UTF-8
DefaultLanguage en-US
SetEnv TZ Australia/Melbourne


##START htauth
AuthUserFile /usr/local/www/apache22/data/.htpasswd
AuthGroupFile /dev/null
AuthName "Private"
AuthType Basic
require valid-user
Satisfy any
##END htauth


RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_REFERER} !^http://members\.website\.com\.au/ [NC] #main webserver
RewriteCond %{HTTP_REFERER} !^https://members\.website\.com\.au/ [NC] #some other trusted server
#we are trying to download the SecureToken player...
##send them a custom player that doesn't provide the SecureToken!
RewriteRule ^FlashPlayer\.swf$ /wp-content/uploads/jw-player-plugin-for-wordpress/player/player.swf [L]

are there any other config files that I should be looking at? Or have I made a silly mistake somewhere?

Thanks for your time
Regards