At 17:58 08.03.2003, news.php.net said:
--------------------[snip]--------------------
>I want to have the /php directory
>one directory above the /web root
>so it is not accessible from browser command line execution but
>will execute from a click on an
>html page. CGI-PHP is installed
>but I need to know the .htaccess
>contents for the /cgi/php directory
Of course this is possible. You just cannot directly run any PHP script by
URL if it's located outside the web root, but you could easily use stub
files running that part of the application you wish to use.
I assume you have some libraries that you'd like to include in your stub files:
-- stub.php
<?php
require_once('../php/library1.php');
?>
So there's no real need for an .htaccess-based blocker.
However here's what you need in .htaccess )line numbers only for
explanation below):
1 AuthName "The name of your realm"
2 AuthType Basic
3 AuthUserFile /etc/httpd/.htpasswd
4 AuthGroupFile /etc/httpd/.htgroup
5 Require group authorized_users
6 Order deny,allow
7 Deny from all
8 Allow from 10.10.10.0/24
9 Allow from ##.##.##.##
10 Satisfy any
Explanation:
1 - This is the text that will appear on the authentication dialog at the
clients side.
2 - There are others (like NTLM) but I don't have any experience using
them. Take care that "Basic" doesn't provide any encryption of transmitted
UserID/Passwords; it just Base64-encodes it.
3 - Where the password file is located. It may be anywhere, even outside
the web root, as long as it is readable by Apache. You create and maintain
the .htpasswd file using the htpasswd command line utility.
4 - Optional; contains user groups. Maintained by text editor. Format:
group: user user user
group: user user user
5 - Names of user groups that may access the ddirectory. You may as well use
Require user user-id user-id
if you don't support groups.
6 - Order of ACL check (http://httpd.apache.org/docs/mod/mod_access.html#order)
7 - Deny all hosts and users (checked first, see 6)
8 - Allow from the internal network (example, not required)
9 - Allow from any other IP or subnet (example, not required)
10 - http://httpd.apache.org/docs/mod/core.html#satisfy
Allow access if _any_ of the above restrictions is met. If you specify
Satisfy all
the above example would never allow access since no host can be on
different addresses...
Note that "AllowOverride AuthConfig" must be set in the server or virtual
host definition if authentication is to be used via .htaccess.
The authentication directives can be used in the server config at the
<Directory> level, or in the .htaccess file.
Formore info on Apache directives read
http://httpd.apache.org/docs/mod/directives.html.
HTH,
--
>O Ernest E. Vogelsinger
(\) ICQ #13394035
^ http://www.vogelsinger.at/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
