Hey, thanks for the repley back.
The reason why we are doing IP based secuirty instead of passwords is
simple. We only want people from those companies accessing the site, if we
used passwords they could be simply passed around, we dont want that. We
want to control who gets access.
Just wanted to ask you if this looks right before i actually post it live on
the production server
This is what the Directory Part of the conf file looks like.
# Security Over PHPmyAdmin
<Directory "/var/www/html/phpmyadmin">
Options Indexes Includes FollowSymLinks
AllowOverride None
AuthName "Login"
AuthType Basic
AuthUserFile /var/.htpasswd
require valid-user
</Directory>
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
I will change it to this:
# Security Over PHPmyAdmin
<Directory "/var/www/html/phpmyadmin">
Options Indexes Includes FollowSymLinks
AllowOverride None
AuthName "Login"
AuthType Basic
AuthUserFile /var/.htpasswd
require valid-user
</Directory>
<Directory />
Options FollowSymLinks
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>
<Directory "/var/www/mysite">
AllowOverride None
Order Deny,Allow
Allow from 127.0.0.1
</Directory>
is this all right ? Do i have to change any thing else ? i have other sites
on here which i dont want blocked, just that one site in that directory. My
Virtual Hosts look like this if it matters:
#mysite
<VirtualHost 172.16.23.1:80>
ServerName mysite.co.nz
RewriteEngine on
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) http://www.mysite.co.nz/$1 [NE,R]
</VirtualHost>
<VirtualHost 172.16.23.1:80>
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /var/www/html/mysite
ServerName www.mysite.co.nz
</VirtualHost>
Also is it possible to choose where the blocked people go ? at the moment
they load the fedora test page, i would like to inform them with a message
why they arent seeing the site properly.
cheers
rob
