Welcome to WebmasterWorld Guest from 54.226.133.245

Forum Moderators: bakedjake

Message Too Old, No Replies

Allow from Group

     
7:51 pm on Dec 20, 2001 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 22, 2000
posts:384
votes: 0



I need to allow access to certain global file names at the owner level, such as htaccess.

Currently...

<Files .htaccess>
Order allow,deny
Deny from all
</Files>

I have only found instructions on allow from domain/ip. How can I allow access to the htaccess files for 'owner' or 'group'?

3:55 am on Dec 21, 2001 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 27, 2001
posts:1472
votes: 0


Here's a good tutorial on the subject:

[mathcs.richmond.edu...]

11:09 pm on Dec 21, 2001 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 22, 2000
posts:384
votes: 0



I appreciate the help, but I think you missed what I need to accomplish due to my lack of explantion.

The situation is multiple virtual hosts and I want a global declaration to allow access to the htaccess files for the client, but still restrict from world access.

The challenge is some ftp programs do not show htaccess files and some do. For those that do not, I can only guess it is using http protocol to connect and therefore the global declaration in the httpsd.conf for Apache is what is hiding the files.

Something like this:

SetEnvIf Remote_User /??what to match??/ valid_user
<Files .htaccess>
Order allow,deny
Deny from all env=!valid_user
</Files>

How can I get the enviroment to contain 'valid_user' if the logged in user is equal to the UID(owner) of the file.

Its not that big of a deal, but I would like to know how others solved this.

12:52 am on Dec 22, 2001 (gmt 0)

Senior Member

WebmasterWorld Senior Member littleman is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:June 17, 2000
posts:2924
votes: 0


You are talking in shell? Well in shell you will have a bit of a problem. You could chmod it 700, but then apache will not be able to access it unless you run apache as the user. I think most people would advise against that.

If you want to just block access to it from the web then you could just put this in your httpd.conf file:

<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members