Category Archives: access

Correct way to block access to a folder by checking cookie in .htaccess?

I'm using code like the following in my .htaccess to block visitors from accessing a folder if they do not have a cookie named "admin".

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_COOKIE} !admin= [NC]
RewriteRule .* / [L]

I made sure that the .htaccess file is put in the folder and the browsers I use for testing do not have the cookie. But somehow I'm still able to access the folder with those browsers.

What's possibly wrong?

What are ways to block direct access to files on apache but allow them through scripts?

If I type in the direct path to any of the content in my server directory, I can see and download the file without being logged in. (For example, I have a directory foo with a file bar.jpg in it. If I type "ip:port/foo/bar.jpg" into the search bar, I can see the picture without needing to go through the pages I created.) I know it would be difficult to access, but if it can happen it eventually will. Is there a way that allows my PHP script to access files and display them in a webpage but does not allow any direct access to the content on my server when typed in? I have tried .htaccess files and directly altering the server config in Apache; my access looks like this:

<Directory "C:\xampp\htdocs\RootFolder\Login System">
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?Family [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
</Directory>

The problem here is that it randomly blocks some images in my page while allowing others through:

GET http://localhost/Family/IMG_2436.jpg 403 (Forbidden)

I have been bashing my head in trying to get this to work so that if someone types in a direct link they get an access denied, while accessing through my PHP page would just show the picture or file. Is there any way to do this? P.S. I'm using a Windows base.
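
The rule set posted above, evaluated against a few requests, as an added example that is not part of the original post. It is a Python sketch that mirrors the two RewriteCond lines and the RewriteRule (negated conditions ANDed, [NC] as case-insensitive matching); the function names, the sample Referer values and index.php are constructed for illustration.

```python
import re

# Patterns copied from the posted configuration. In mod_rewrite a leading "!"
# negates the match, and consecutive RewriteCond lines are ANDed together.
COND_EMPTY = re.compile(r"^$")                                        # !^$
COND_SITE = re.compile(r"^http(s)?://(www\.)?Family", re.IGNORECASE)  # [NC]
RULE_IMAGE = re.compile(r"\.(jpg|jpeg|png|gif)$", re.IGNORECASE)      # [NC]


def status_for(path, referer):
    """Return 'forbidden' or 'allowed' for one request under the posted rules.

    referer is the Referer header value; an absent header is the empty string,
    which is what %{HTTP_REFERER} expands to in that case.
    """
    if not RULE_IMAGE.search(path):
        return "allowed"          # rule pattern does not match, conditions never run
    referer_not_empty = COND_EMPTY.search(referer) is None
    referer_not_site = COND_SITE.search(referer) is None
    # [F] fires only when both negated conditions hold.
    return "forbidden" if (referer_not_empty and referer_not_site) else "allowed"


# Constructed sample requests (path relative to the directory, Referer value).
SAMPLES = [
    ("IMG_2436.jpg", ""),                                   # URL typed directly
    ("IMG_2436.jpg", "http://localhost/Family/index.php"),  # page under /Family/
    ("IMG_2436.jpg", "http://Family/index.php"),            # host literally "Family"
    ("IMG_2436.JPG", "https://www.family/gallery"),         # [NC] ignores case
    ("index.php", "http://elsewhere.example/"),             # not an image
]


def evaluate(samples=SAMPLES):
    """Evaluate every sample and return (path, referer, result) tuples."""
    return [(path, ref, status_for(path, ref)) for path, ref in samples]


if __name__ == "__main__":
    for path, ref, result in evaluate():
        print(f"{result:<9}  {path:<13} Referer={ref!r}")
```

A request with no Referer, which is what a typed-in URL produces, is allowed by these rules, while an image requested from a page at http://localhost/Family/ is forbidden because the second pattern expects the host itself to begin with Family.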

Limit access to Apache on OSM Map Server based on URL

I have successfully set up my own OSM map server using the detailed tutorial on the "Switch to OSM" website: on an Ubuntu 16.04 server. The server works and I can render maps with no problem. However, I would like to limit access to this map server based on URL, so that only the web application that I have developed can render maps using it.

How can I do such a thing? I know it probably has to be done through some Apache configs, but I was not able to figure it out myself.

Apache CentOS IP-based access

I have a CentOS 6 web server running around 50 sites based on a virtual hosts setup.

Recently I have been asked to restrict access to the web sites so that they are reachable only from within my organisation.

Having "Order deny,allow" at each virtual host works fine, i.e. anyone from outside the organisation is not able to visit the websites, and only users from within the organisation are able to get to the sites.

My question is, is there a way I can do this setup in httpd.conf so that it applies to all the sites served from this box, rather than repeating the "Order deny,allow" settings on every virtual host? If it can be done at the global server level, can someone please let me know how?

Restricting at the firewall level or proxy is not an option, so it has to be done at the web server level.

Appreciate the help

Thanks R

Apache2 server: many users can't access (IPv4, IPv6)

I made a server for a research project two days ago (Ubuntu 14.04 LTS, Apache2, PHP). I haven't set a domain name yet, so the webpage is only accessible via IP address (in this case IPv6, inet6 addr at ppp0).

I asked a friend to try it, and everything worked fine on her computer and mobile phone too. Later I asked some friends and colleagues to access the webpage, but they were not able to do so. They got the 443 unreachable error message. My first friend was still able to access the webpage from her computer and mobile phone. I went through some questions here and on other sites to solve this problem, but nothing helped.

I asked the users to check their IPs on https://www.whatismyip.com/. When using her ethernet and wifi at home, my first friend had an IPv6-type IP address, and she was able to access the site. The other users had IPv4-type addresses and they were not able to access my webpage. I asked my first friend to switch to the mobile internet provided by her telephone company. After this she wasn't able to access the site, and she had an IPv4-type IP address. After she switched back to her wifi she was able to access the page again. What could be the cause of this strange problem? What can I do to solve it?