alternate security meathod needed .htaccess / php

Portal Home > Knowledgebase > Articles Database > alternate security meathod needed .htaccess / php

Posted by Bob132, 09-02-2009, 03:24 PM
previously had prevented particular pages from being viewed in htaccess files by listing the .html names of the files (FilesMatch) w/ domain/IP restrictions. The web page has been converted to php and now has and index.php file that is always displayed with the differing content piped in by opening the original html files. So pages are differentiated as follows index.php?content = value3. In the scripting portion the valuex portion dirrects which html file to open. The problem with doing it this was is that the html files that were previously restricted are no longer. Is there a way to restore the original security features .htaccess or not?
Posted by Newbie, 09-02-2009, 03:41 PM
throw the html files in a directory with htpasswd http://httpd.apache.org/docs/2.0/programs/htpasswd.html
Posted by SPaReK, 09-02-2009, 03:48 PM
You would need to do this filtering in the index.php PHP script. You might be able to do it with mod_rewrite in your .htaccess file, but I cannot be particular if this can be accomplished.
Posted by microbloghosting, 09-03-2009, 03:55 AM
htpassword should be good.
Posted by zoticaic, 09-03-2009, 04:06 AM
If you need to allow particular HTML files via index.php and restrict the other, it is more secure doing it within index.php itself. Since index.php is exposed to directory traversal vulneraibility i.e. index.php?content=../../../../../../etc/passwd%%00

Add to Favourites Print this Article