.htaccess Configuration help

Help with .htaccess files for my website with apache

Page 1 of 1

2 Replies - 1419 Views - Last Post: 05 August 2009 - 11:12 AM

#1 katphyte  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 7
  • Joined: 21-June 09

.htaccess Configuration help

Post icon  Posted 03 August 2009 - 04:47 AM

I have done a lot of research in this, but I could really use some help. I'm sure that there is some sort of book out there called 'htaccess for dummies', but at least I don't have to place my skill level there. lol I've got some security access issues before I open up my site to the public, and I want to make sure they are strong and effective, of course.

I'm still learning about apache (we never stop learning though...) I know that I can lock folders with a click in the cpanel, but to me that's like using a calculator while you were supposed to be learning the elements and processes of calculations. I want to understand this from the base up. My host/server is on Hostmonster. I read some good recommendations and so far it has worked out well.

I'm trying to understand where I should be making the Public_Html pages and what is the difference in www access? Do they mirror each other? Change one and the other changes, as well with synchronized files? Should I be writing to my document root home folder for everything? The one that's outside the public html and www? Or should I edit private things from the document root?

It's a little hard to explain, but this is what I want to accomplish. Here's the current code piece that I have, but this just denies access from the web to everyone, of course, who has the credentials. That's fine while I am working on the site, but the configuration needs to be open in order to let the public, registered users, and superusers the correct access. I also currently have a robot.txt file blocking any bot access. I have a question about that, but I'll put it in a separate post.

# password protection allowing directory and file access
AuthType Basic
Authname "Restricted Area"
AuthUserFile /home/masterdirectorypath/ .htpasswd
AuthGroupFile /dev/null
Require Valid-User
SetEnvIf Request_URI "path/to/directory/)$" allow
SetEnvIf Request_URI "path/to/file.php)$" allow
Order allow,deny
Allow from env=allow
Satisfy any


Where do I place the file in order to give everyone/bot access to ONLY the home landing page and NOT any directory listings? Basically, there will be links on this page giving direction on how to proceed. I want the page to say that any link they click from this first page requires member registration? I'll have a single home landing page for the registered members once they are confirmed, with links to other areas. No bot access past the front page. Once they are registered, I want to give specific user/group access to a specific access configuration map.

For example, Bob signs up as a class 1 member (of which he is not aware of the category group he has been placed in.) I want him to have access to the 1st and general material forum. Then Joe signs up and I want him to be in a group that has access to the 1st forum AND a second specific topic forum that the group one won't be able to see.

The first forum is just going to be general topics which people can feel free to discuss openly. The second forum is for Mental Health and Eating Disorder Support. I want to protect people's privacy so that they feel safe writing about their feelings openly. Also, in my case, I want to be able to know that like my Dad is not reading about my personal issues, for example, so he would be placed in group one only.

And I definitely don't want any of the forums, blogs, etc. indexed by bots, so I need to put a robot.txt file in the correct place. I am guessing that I will have to write specific bot files at a certain level directory.

I hope this makes sense. I understand what I want, just not how to set it up. The apache site was helpful, but doesn't get as specific as I need.

Thank you and I look forward to your suggestions! :D

Is This A Good Question/Topic? 0
  • +

Replies To: .htaccess Configuration help

#2 BMR777  Icon User is offline

  • New D.I.C Head

Reputation: 2
  • View blog
  • Posts: 36
  • Joined: 01-February 09

Re: .htaccess Configuration help

Posted 03 August 2009 - 10:07 AM

It sounds from what I have read that you may be over-complicating things a bit. You've said you want certain parts of the site to only be able to be accessed by certain member groups? For that I would recommend a software solution, such as PHP, and not using .htaccess to block. For instance, I don't know what application you are using, but I would recommend coding a usergroups system into the application you are using, if one doesn't already exist in it. For instance, you could make a usergroup system in the application, then when unregistered users visit the site, just have all the pages via the software application redirect to the registration form or give an "Access Denied" message. Blanket .htaccess rules will keep everyone out, so if you do go the .htaccess route to keep people out you will only be able to grant access with .htaccess based on IP address or by use of a password, whereas with software you can control better who can access what parts of the site, as well as show an access denied error if they can't access that part of the site.

Also, most forum software packages have usergroup permissions built in that can limit who can see what.

As far as stopping users from browsing directories, the simplest thing to do is to put up an index.html file in the directory. This may also be of some use to stop browsing of directories as well.

The www folder is simply a shortcut to the public_html folder. Both lead to the same place. Anything stored in www or public_html is accessible via the web, but things stored below the public_html folder can only be viewed by you via CPanel or FTP. :)

Hope it helps,
Brandon
Was This Post Helpful? 0
  • +
  • -

#3 katphyte  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 7
  • Joined: 21-June 09

Re: .htaccess Configuration help

Posted 05 August 2009 - 11:12 AM

Thank you for your answer! Sorry it took me so long to get back to you!

I absolutely do tend to over-complicate things. :P I will try your suggestion. I'm using php for the forums. I haven't totally decided on which blog software I am going to use yet. I think I understand now.

Thanks for your help!
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1