Solved

Use apache to limit access to javascript files?

Posted on 2002-04-26
7
162 Views
Last Modified: 2010-03-04
Hello

I'm trying to limit access to a javascript file.
Maybe it can't be done, but I thought I'd ask.

Thanks

v
0
Comment
Question by:vlg
  • 4
  • 3
7 Comments
 
LVL 15

Expert Comment

by:samri
ID: 6974949
Perhaps you could use Location or LocationMatch directive;

<Location /*exe>
 Deny from all
</Location>

Apache documentation come with quite a great example on Location/LocationMatch directives.

http://httpd.apache.org/docs-2.0/mod/core.html#location

http://httpd.apache.org/docs-2.0/mod/core.html#locationmatch
0
 

Author Comment

by:vlg
ID: 6977742
samri -

Thanks for the links.  I read the docs.

When you say, "Perhaps..." does that mean you haven't tried this?

v
0
 
LVL 15

Accepted Solution

by:
samri earned 50 total points
ID: 6977794
V,

I did try it before posting the comment.  The fact that I cannot be 100% sure is that I tried to limit *.exe on my Win32 Apache 1.3.24.

I rather be realistic than optimistic.  In most cases it should (gee.. It must work), but there might be possibilities that it might not work.  For example, I have test if the *.js file is within the INCLUDE tag for example.  Mind the terminology, I'm pretty much naive in web technology.

I would presume that you ought to try it on the development platform.  do not have one - the trick is, you can have muptiple apache running on one machine, but make sure the are not fighting over port 80/TCP, use different port for the test apache, and get it installed, lets say in /usr/local/apache-test.

Please, I would be excited to know on whether it works for your particular case.

cheers.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:vlg
ID: 6978351
Well, it didn't really work.
It stopped me from getting to the javascript file, but it stopped my webpage from getting it, too. :(
Well - if you can think of a way to allow only my web apge to get the javascript file, let me know.
Thanks
v
0
 
LVL 15

Expert Comment

by:samri
ID: 6979209
vlg,

could you post the exact <Location> directive That you use?
0
 

Author Comment

by:vlg
ID: 6980983
Hello samri

Thanks for helping me after the points have been awarded - lots of people wouldn't do that.
If this isn't a simple fix, I'll give you some more points for your help.
Anyways, the Location directive didn't stop anything, so I used LocationMatch:

This killed everything:

<LocationMatch /*js>
Deny from all
</LocationMatch>

I've been experimenting with this:

<LocationMatch /*js>
Order allow, deny
allow from 127.0.0.1
Deny from all
</LocationMatch>

but it's not working.

Thanks

v
0
 

Author Comment

by:vlg
ID: 6981449
ps - when I say "it's not working" I mean, it's still disallowing all requests for the javascript file, even from the web page.
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question