Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: HTML - Apache Authentication

  • Subject: Re: HTML - Apache Authentication
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Sun, 11 Sep 2005 15:35:32 +0100
  • Newsgroups: comp.infosystems.www.servers.unix
  • Organization: schestowitz.com / MCC / Manchester University
  • References: <GbYTe.26743$FA3.23753@news-server.bigpond.net.au> <dfqv7e$2occ$2@godfrey.mcc.ac.uk> <6sVUe.30200$FA3.29664@news-server.bigpond.net.au>
  • Reply-to: newsgroups@xxxxxxxxxxxxxxx
  • User-agent: KNode/0.7.2
__/ [Justin] on Sunday 11 September 2005 13:30 \__

> "Roy Schestowitz" <newsgroups@xxxxxxxxxxxxxxx> wrote in message
> news:dfqv7e$2occ$2@xxxxxxxxxxxxxxxxxxxx
>> __/ [Justin] on Thursday 08 September 2005 15:49 \__
>>> Hi there,
>>> Just having a few issues with authentication on my server.
>>> I am trying to apply basic authentication to my root directory, but not
>>> all of the sub-directories. How can i apply authentication to only the
>>> root?
>>> Anyone got any tips?
>>> Thanks in advance
>>> Justin
>> Have you considered using some hard or soft links, re-directing from root
>> directory or relocating its content (transparently) to a subfolder that
>> requires authentication to access? You can deny access to everything in
>> the
>> root directory and shift its public content in a way that does not expose
>> the structure, e.g. URL re-writes...
>> Roy
> Hi Roy,
> Sorry to sound ignorant, but how would hard/soft links help?
> There is just one subdirectory that i dont want the authentication to be
> applied to.
> eg) /research <- root directory with basic authentication
>      /research/tests <- subdirectory that i dont want authentication on.
> Is there a way to prevent the authentication i apply to the research
> folder following down to the tests directory too?
> Thanks again
> Jus

Hi Justin,

I used to do something very similar with ~/Research on my domain (almost
everything is public now). To achieve this effect I incorporated an
HTML/JS-based password protection (gateway page). It is not the safest
solution, but if it suits you, read on.

Have a look at the page below:


For historical reasons, it meta-redirects to


The crossed-out text is what used to serve as the "I have the password,
please let me in" link. If you follow that link you will be asked for a
pseudo-password, which is in fact the relative URL excluding the suffix.
So, the 'password' is (was) in fact: /Research/resindex

If you allow visitors to access  /Research/example, curious ones among them
can ascend one level up to /Research/ and get served index.html (or PHP,
shtml, htm as specified in your Apache settings). To prevent this from
being so 'hackable', assign a mysterious name to the main page e.g.
barmuda.html and set index.html to serve some page like: 
http://www.schestowitz.com/Research/Notes/ (yes, it is supposed to be
blocked because subdirectories are private)

I urge you to avoid plentiful mentionings of names. Particularly, be careful
when mentioning names of your superordinates in public pages. People

Hope it helps,


Roy S. Schestowitz      | /earth: file system full
http://Schestowitz.com  |    SuSE Linux    |     PGP-Key: 74572E8E
  3:20pm  up 17 days 13:48,  3 users,  load average: 0.58, 0.51, 0.66

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index