Gossamer Forum
Home : Products : Links 2.0 : Discussions :

Security if .htaccess don't work..

Quote Reply
Security if .htaccess don't work..
Hi, I've set up the .htaccess/.htpasswd files, but it don't seem to work. I'm suspecting that they have some weird settings in the conf of the apache server where I've got my account, but I havent got any answers yet.
So - can anyone tip me on what to do for security until I get .htaccess working?
I tried chmod'ing the whole admin directory - what a bummer...I hope not too many people were locked out too long...
Can I just chmod the admin.cgi to prevent any misuse?

Oh - btw - my .htaccess file looks like this:

AuthUserFile /[path is correct, I know it]
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic
<Limit GET POST>
require user Macro
</Limit>

Thanks in advance.
Ørjan
Quote Reply
Re: Security if .htaccess don't work.. In reply to
I couldn't get that to work either, so i installed CGI Lockdown located here http://writecon.vineyard.net/...ts/cgilockdown.shtml Rod will try to help you out if you get stuck. It let's you send would be hackers to another site. Here's a good one for that. http://www.amishrakefight.org/gfy/ It even send me there ocassionally. That's a bit of a pain but worth the security.

Will

------------------
Will
Webmaster
FishHoo! Search index for Fishermen
http://www.fishhoo.com
Quote Reply
Re: Security if .htaccess don't work.. In reply to
I would check the version of Apache that is running on your ISP server. I also had problems with .htaccess when my ISP upgraded security patches on their Apache servers. I would check with your ISP as to how to set-up your .htaccess.

For example, these are the codes that work on Apache 1.3:

AuthUserFile /path/to/.htpasswd
AuthGroupFile /dev/null
AuthName "My Admin Area"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

The codes you have work on Apache 1.1 and 1.2.1.

Regards,
------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

[This message has been edited by Eliot (edited May 16, 1999).]
Quote Reply
Re: Security if .htaccess don't work.. In reply to
I haven't received any confirmation from my webmaster on the apache setup yet.

Anyway - I figured, as all directories are not allowing directory listing, I could just change the admin directory's name.
My question is then, what files need to be changed for links to work properly with the admin dir renamed to adm or something similar?

Thanks.
Quote Reply
Re: Security if .htaccess don't work.. In reply to
Only the paths at the top of links.cfg need to be changed.

I hope this helps.
Quote Reply
Re: Security if .htaccess don't work.. In reply to
I discovered that the rate.cgi (and others in that dir) have a pointer to admin/links.cfg - they surely must be changed too?
Quote Reply
Re: Security if .htaccess don't work.. In reply to
Are you running on a virtual server?

If so, please see "My two cents . . .' at http://www.gossamer-threads.com/...um2/HTML/000818.html .
Quote Reply
Re: Security if .htaccess don't work.. In reply to
No - it's running under my account on a ~username type of url.
Quote Reply
Re: Security if .htaccess don't work.. In reply to
Macro,

The only time you will need to change the pointer to links.cfg in the scripts that include it as a "require" line is when you seem to have unusual problems with the scripts. For example, a lot of people report an error saying something like db.pl is not found. The script for that program that generates that error should then have the full path to the links.cfg file specified to eliminate that error. Of course, it doesn't hurt to put the full path on all the require statements, it just shouldn't be necessary unless you have some kind of weird, unexplained problems finding the Links modules.