Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Non-Recursive .htaccess files, permissions, etc..
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Non-Recursive .htaccess files, permissions, etc..

HeinzHeinz Member
edited December 2011 in Help

I use example.com/personal/ dir for hosting some personal files, screenshots and similar things which I share with friends, forums, etc... however I can't find a way to lock /personal/ for visitors so that only I would be able to check files and share direct URLs with others.

Simple .htaccess file with " Order deny,allow / Deny from all / Allow from 255.255.my IP" rule obvioulsy isn't solution because "Deny from all" recursively affect also direct links so that others can't access them. Also chmod permission rule which I use this moment isn't solution because that way I can't direcly access from net to find proper file name to share link either.

Any suggestion how to password or IP protect /personal/ dir for all others except me but that this woudn't recursively disable for others also /personal/fileexample.jpg links?

It's ordinary apache, php, etc... cPanel webhosting server. I don't want to use 3rd party filesharing/image gallery software if that's possible and I wondering if there's some more elegant solution similar to .htaccess but without recursive affect on files inside this dir.

Comments

  • So basically, you want to be able to link people to pictures/files within your /personal/ directory, but don't want them to be able to view the contents of said directory, yes?

  • If that's correct, I;d just stick in a blank index.html file in there. :)

  • Or, just remove Indexes from the option line for that directory.

  • HeinzHeinz Member
    edited December 2011

    If this would be that easy :) Thank you both but you overlooked important part. Yes I want to be able to link people to pictures/files within my /personal/ directory and I don't want them to be able to view the contents of this directory however from otherside I want to be able to view the contents of said directory.
    That's why blank index.html, chmod, etc... don't look like viable option and I am taking .htaccess "deny from all/allow from (IP or password)" example which would be perfect solution if this damn thing just wouldn't work recursive. Any file or dir contained within the dir with the .htaccess will follow the same rules and this is what I would like to avoid.

  • AldryicAldryic Member
    edited December 2011

    That's not what DENY does. If you issue a DENY on /personal/, then nobody will be able to view any content from that directory (Indexing or Direct Links). If you issue a DENY on /personal/, and even manage to pull a later ALLOW on /personal/img/, you're still facing the exact same problem.

    We understood what you mean, the problem is that you don't have a real viable method of doing this without more advanced scripting and rules. Your best bet is to simply run an 'ls', copy/paste the filename to your browser if you have to, and proceed from there.

  • HeinzHeinz Member
    edited December 2011

    That's not what DENY does

    I said that - It's recursive :)

    Your best bet is to simply run an 'ls', copy/paste the filename to your browser if you have to, and proceed from there

    This is what I am doing whole time but to do this I need to ssh or ftp to server everytime when I want to share some file. If you're in the middle of the chat with someone and you want to quick share some picture or something it's even those few seconds to open client to log into server sometimes too much.
    I am afraid that I will be forced to use some third party filesharing script if I don't find more elegant solution anyway.

  • No, you're missing the point. You CANNOT use DENY to selectively allow indexing. DENY completely blocks access to the directory/directories in which it's active.

    What you're wanting to do will require regex and rewrite rules.

  • HeinzHeinz Member
    edited December 2011

    I do? But I never said that I want to use DENY for selectively allowing indexing (where did you get this idea from?) but use it as example to deny/allow access to dir - something what .htaccess do and it would do great also in my case if just wouldn't have recursive affect on subfolders and files and that's why I am looking for alternative solutions not neccessary connected with .htaccess

    I know that you want to help however there seems problem in communication (my limited english or you don't read careful what I say?).

  • @Heinz said: Yes I want to be able to link people to pictures/files within my /personal/ directory and I don't want them to be able to view the contents of this directory however from otherside I want to be able to view the contents of said directory.

    You cannot do this with .htaccess files. Regex/mod-rewrite, period.

    Word of advice: if you're not going to state explicitly what you want to do the first time, especially not in your native tongue, you'd do well not to accuse others of "not reading carefully".

  • HeinzHeinz Member
    edited December 2011

    But I keep repeating this... and you keep repeating same after me...

    "Simple .htaccess file with " Order deny,allow / Deny from all / Allow from 255.255.my IP" rule obvioulsy isn't solution because "Deny from all" recursively affect also direct links so that others can't access them."

    "I am taking .htaccess "deny from all/allow from (IP or password)" example which would be perfect solution if this damn thing just wouldn't work recursive. Any file or dir contained within the dir with the .htaccess will follow the same rules and this is what I would like to avoid."

    "But I never said that I want to use DENY for selectively allowing indexing (where did you get this idea from?) but use it as example to deny/allow access to dir - something what .htaccess do and it would do great also in my case if just wouldn't have recursive affect on subfolders and files and that's why I am looking for alternative solutions not neccessary connected with .htaccess"

    And more I am telling that I can't do this with .htaccess to find some alternative solution more you try to convience me that I can't do this with .htaccess... Anyway thank you for telling me what I am saying from beginning... and I will check mod-rewrite option after I go through http://www.webmasterworld.com/apache/3588649.htm (seems like something to start with) and some other documents.

    if you're not going to state explicitly what you want to do the first time..

    But I did... Infact I believe that I was very descriptive and even with my far from perfect english isn't that hard to understand what I want to do.. just that I am looking for way to do this and that's why I opened this topic. But more I am saying what isn't option more you repeating after me what isn't option and this bring us nowhere. Lets stop with this and try to be constructive, can we?

  • divyadivya Member
    edited December 2011

    Hey guys just cool down!
    @Heinz From what I understand from your description of the situation

    • You have a private directory which you don't want people to access blindly(i.e no directory listing for general public) but you should get the listing in a protected way for yourself.
    • You want to share links to files in that directory with others. So if anyone has a direct url to the file, he should be able to access the file without the need of any further authentication etc.

    For the above scenario put an index.php file in the directory with the following code:

    <html><head><title>Password protected directory</title></head><body>
    <?php
    $user="username";
    $pass="password";
    if(isset($_REQUEST['u']) && isset($_REQUEST['p'])){
        if(strcmp($_REQUEST['u'], $user)==0 && strcmp($_REQUEST['p'], $pass)==0){
            if ($handle = opendir('.')) {
                while (false !== ($file = readdir($handle))) {
                    if ($file{0} != "." && $file != "index.php") {
                        echo "<a href='$file'>$file</a><br />\n";
                    }
                }
                closedir($handle);
            }
        }
        else{
            echo "Access denied!";
        }
        echo "</body></html>";
        exit();
    }
    ?>
    <form action="index.php" method="POST" name="login_frm">
    Username: <input name="u" /><br />
    Password: <input name="p" type="password" /><br />
    <input name="submit" type="submit" value="Login" /><br />
    </form>
    </body></html>
    

    For php virgins: you should login with username as 'username' and password as 'password'. You can change this by changing the values of variables $user and $pass in the above script.

    If I have mis-interpreted your requirements, just ignore and have fun!

    {fun}*License: Above script can be used, distributed, modified, sold, claimed your own, critisised as inefficient or insecure, .... for any purpose and by anyone without any restrictions whatsoever!
    Post here if you don't understand it{/fun}

    EDIT: Code Modified as per exussum's suggestion

    Thanked by 2yomero Heinz
  • Instead of $file != "." && $file != ".." you could use
    $file{0} != "."
    Which would hide all files starting with a . so hidden files too ?

    May be useful

    Thanked by 1Heinz
  • @exussum you are correct on that and your suggestion is very useful. I've edited the script accordingly.

    wrote the script just for this thread. so just put in what was on top of the mind.

    Thanked by 1Heinz
  • It's better to use htaccess password protection, it protects you easily, also against search engines indexing. That's a good how-to:
    http://www.elated.com/articles/password-protecting-your-pages-with-htaccess/

    You just need to send your visitors the username and password for accessing everything in a directory.

  • kylixkylix Member
    edited December 2011

    I think you're talking about something different. Something that also confused the OT. htaccess can only be used in this scenario to protect the whole directory and not file-wise. Since the whole directory is not intended to be protected here in this thread as the files itself should be directly accessible without protection, htaccess is no help. Thus the script above with the mark that you just need to disable the index or put up a blank index.html.

  • Otherwise, just chmod the folder to 711.

  • @divya amazing. Thank you for script and to all rest thank you for suggestions and ideas. I will try script when I come from work.

  • @Heinz said: I want to be able to view the contents of said directory.

    That's what you have ftp/sftp for. :)

    Forgive me for skimming. Short on time.

  • I just came from work, tryed it and bingo! @divya your script is exactly what I was looking for. Once again thank you for your time and effort.

    If anyone other find it useful please click on little "Thanks" icon near @divya and @exussum name :)

  • @Heinz programming was my hobby during school days and my primary job responsibility now(Not PHP programming exactly though).

    So, it was fun for me too. Enjoy!

Sign In or Register to comment.