Solved

Use apache to limit access to javascript files?

Posted on 2002-04-26
7
158 Views
Last Modified: 2010-03-04
Hello

I'm trying to limit access to a javascript file.
Maybe it can't be done, but I thought I'd ask.

Thanks

v
0
Comment
Question by:vlg
  • 4
  • 3
7 Comments
 
LVL 15

Expert Comment

by:samri
Comment Utility
Perhaps you could use Location or LocationMatch directive;

<Location /*exe>
 Deny from all
</Location>

Apache documentation come with quite a great example on Location/LocationMatch directives.

http://httpd.apache.org/docs-2.0/mod/core.html#location

http://httpd.apache.org/docs-2.0/mod/core.html#locationmatch
0
 

Author Comment

by:vlg
Comment Utility
samri -

Thanks for the links.  I read the docs.

When you say, "Perhaps..." does that mean you haven't tried this?

v
0
 
LVL 15

Accepted Solution

by:
samri earned 50 total points
Comment Utility
V,

I did try it before posting the comment.  The fact that I cannot be 100% sure is that I tried to limit *.exe on my Win32 Apache 1.3.24.

I rather be realistic than optimistic.  In most cases it should (gee.. It must work), but there might be possibilities that it might not work.  For example, I have test if the *.js file is within the INCLUDE tag for example.  Mind the terminology, I'm pretty much naive in web technology.

I would presume that you ought to try it on the development platform.  do not have one - the trick is, you can have muptiple apache running on one machine, but make sure the are not fighting over port 80/TCP, use different port for the test apache, and get it installed, lets say in /usr/local/apache-test.

Please, I would be excited to know on whether it works for your particular case.

cheers.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:vlg
Comment Utility
Well, it didn't really work.
It stopped me from getting to the javascript file, but it stopped my webpage from getting it, too. :(
Well - if you can think of a way to allow only my web apge to get the javascript file, let me know.
Thanks
v
0
 
LVL 15

Expert Comment

by:samri
Comment Utility
vlg,

could you post the exact <Location> directive That you use?
0
 

Author Comment

by:vlg
Comment Utility
Hello samri

Thanks for helping me after the points have been awarded - lots of people wouldn't do that.
If this isn't a simple fix, I'll give you some more points for your help.
Anyways, the Location directive didn't stop anything, so I used LocationMatch:

This killed everything:

<LocationMatch /*js>
Deny from all
</LocationMatch>

I've been experimenting with this:

<LocationMatch /*js>
Order allow, deny
allow from 127.0.0.1
Deny from all
</LocationMatch>

but it's not working.

Thanks

v
0
 

Author Comment

by:vlg
Comment Utility
ps - when I say "it's not working" I mean, it's still disallowing all requests for the javascript file, even from the web page.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
This video discusses moving either the default database or any database to a new volume.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now