.htaccess and file protection


webshark25

12:07 am on Apr 28, 2005 (gmt 0)


Hello,

I am running a phpnuke web site on apache 1.3 server.

I wish to protect a single file in my root directory (admin.php) using .htaccess ...

My current file looks like:
AuthName "Realm Name"
AuthType Basic
AuthUserFile /.htpasswd
Allow From All
<Files admin.php>
Deny From All
</Files>

This doesn't work ...

Anyone know what the correct syntax would be?

sitz

12:25 am on Apr 28, 2005 (gmt 0)


1) what kind of 'protection' do you want? deny everyone? require authentication? something else?

2) what does "doesn't work" mean? If the server throws an error, have you checked your error log?

3) PHP-Nuke has notoriously poor security; you should, IMO, look into other options. I could be paid enough money to run a PHP-Nuke site, but it would a) be a helluva lot more than I'm making now; b) come with (from me) a list of warnings and caveats as long as the arm of the person paying my salary; and c) cause me to get the signature of the person cutting my check, so I'd have written documentation that they'd acknowledged my warnings.

Think I'm overreacting? =)

A quick search [search.securityfocus.com] on Bugtraq [securityfocus.com] shows 168 security-related issues *reported to the list* in the last 4 years or so. I've worked at places where systems such as PHP-Nuke were considered; when PHP-Nuke itself came up as an option, there was a pause, a grin, a snickering, and then we looked at more serious options. =)

I've heard decent things about [drupal.org]; there was also a small discussion on CMS applications on slashdot recently [developers.slashdot.org].

webshark25

6:47 am on Apr 28, 2005 (gmt 0)


I checked my error log, nothing shows up.

I want the normal authentication, like it would have with a password protected directory.

sitz

12:55 am on Apr 29, 2005 (gmt 0)


If nothing's getting logged, then you likely have a syntactically valid but semantically useless config in your .htaccess file. I'm guessing that the 'Allow from all' isn't helping you any, but the real problem is that you haven't used the Auth* directives inside your <Files> container:

I'd start with something like this:


<Files admin.php>
AuthName "Realm Name"
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
require valid-user
</Files>

(the 'require' directive above links to the documentation for that directive [http://httpd.apache.org/docs/mod/core.html#require]; I STRONGLY recommend reading it).

webshark25

8:50 am on Apr 29, 2005 (gmt 0)


This worked for me:

allow from all
<files ~ "^(admin.php)$">
require user *username*
</files>
Authname Administration
Authtype Basic
AuthUserFile /.htpasswd
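
Added example (not part of the thread and not either poster's code): a small Python check that works out which auth directives apply to a given file and lists why it would not be password protected, run on the two .htaccess files posted above. The function names and the simplified merge model (top-level directives apply to every file, a matching <Files> section overrides them; Order, Satisfy and <Limit> are ignored) are assumptions of this example.

```python
import fnmatch
import re

AUTH_KEYS = ("authtype", "authname", "authuserfile", "require")
SECTION = re.compile(r'<files(match)?\s+(~\s*)?"?([^">]+)"?\s*>$', re.I)

def effective(htaccess, filename):
    """Directives that apply to `filename`. Simplified model (an assumption):
    top-level lines apply to all files; a matching <Files> section overrides them."""
    top, matched, in_section, applies = {}, {}, False, False
    for line in map(str.strip, htaccess.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("</files"):
            in_section = False
            continue
        m = SECTION.match(line)
        if m:
            pat, in_section = m.group(3).strip(), True
            is_regex = bool(m.group(1) or m.group(2))
            applies = bool(re.search(pat, filename) if is_regex else fnmatch.fnmatch(filename, pat))
            continue
        key, _, value = line.partition(" ")
        if not in_section or applies:
            (matched if in_section else top)[key.lower()] = value.strip()
    return {**top, **matched}

def audit(htaccess, filename):
    """Reasons `filename` is not password protected (empty list means it is)."""
    eff = effective(htaccess, filename)
    problems = [f"missing {k}" for k in AUTH_KEYS if k not in eff]
    if eff.get("deny", "").lower() == "from all":
        problems.append("'Deny from all' is host-based blocking, not a password prompt")
    return problems

# The two .htaccess files from the thread, copied as posted.
FIRST_ATTEMPT = '''AuthName "Realm Name"
AuthType Basic
AuthUserFile /.htpasswd
Allow From All
<Files admin.php>
Deny From All
</Files>'''
WORKING = '''allow from all
<files ~ "^(admin.php)$">
require user *username*
</files>
Authname Administration
Authtype Basic
AuthUserFile /.htpasswd'''
```

Calling `audit(WORKING, "index.php")` shows that only admin.php picks up the `require` line, so every other file in the directory stays open.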