mardi 28 avril 2015

htaccess deny all allow remote access

I am trying to get a .htaccess to deny all direct access and only allow access from the Joomla Extension URL Installer.

I have one server where the installation/download directory in here is the .htaccess.

I have multiple servers from my own which ip's i can add to the code below. But what about my client websites that want to host it somewhere else. It is a bit difficult to constantly have to update the htaccess with more ip addresses. And this is not safe as well I guess.

AuthName "Protected" 
AuthType Basic 
<Limit GET POST> 
order deny,allow 
deny from all 
allow from YOUR.SERVER.IP.ADDRESS 
</Limit> 

I can think of two possible sollutions but don't know if it exists.

  1. Create one user/pass in .htpasswd and then make the htaccess:

    AuthName "Protected" 
    AuthType Basic 
    <Limit GET POST> 
    order deny,allow 
    deny from all 
    allow from valid-user 
    </Limit> 
    
    

    and make the link:

    http://ift.tt/1PqeLoq
    
    
  2. Modify htaccess so it allows only access through script but no direct access.

Aucun commentaire:

Enregistrer un commentaire