Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Use apache to limit access to javascript files?

Posted on 2002-04-26
7
161 Views
Last Modified: 2010-03-04
Hello

I'm trying to limit access to a javascript file.
Maybe it can't be done, but I thought I'd ask.

Thanks

v
0
Comment
Question by:vlg
  • 4
  • 3
7 Comments
 
LVL 15

Expert Comment

by:samri
ID: 6974949
Perhaps you could use Location or LocationMatch directive;

<Location /*exe>
 Deny from all
</Location>

Apache documentation come with quite a great example on Location/LocationMatch directives.

http://httpd.apache.org/docs-2.0/mod/core.html#location

http://httpd.apache.org/docs-2.0/mod/core.html#locationmatch
0
 

Author Comment

by:vlg
ID: 6977742
samri -

Thanks for the links.  I read the docs.

When you say, "Perhaps..." does that mean you haven't tried this?

v
0
 
LVL 15

Accepted Solution

by:
samri earned 50 total points
ID: 6977794
V,

I did try it before posting the comment.  The fact that I cannot be 100% sure is that I tried to limit *.exe on my Win32 Apache 1.3.24.

I rather be realistic than optimistic.  In most cases it should (gee.. It must work), but there might be possibilities that it might not work.  For example, I have test if the *.js file is within the INCLUDE tag for example.  Mind the terminology, I'm pretty much naive in web technology.

I would presume that you ought to try it on the development platform.  do not have one - the trick is, you can have muptiple apache running on one machine, but make sure the are not fighting over port 80/TCP, use different port for the test apache, and get it installed, lets say in /usr/local/apache-test.

Please, I would be excited to know on whether it works for your particular case.

cheers.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 

Author Comment

by:vlg
ID: 6978351
Well, it didn't really work.
It stopped me from getting to the javascript file, but it stopped my webpage from getting it, too. :(
Well - if you can think of a way to allow only my web apge to get the javascript file, let me know.
Thanks
v
0
 
LVL 15

Expert Comment

by:samri
ID: 6979209
vlg,

could you post the exact <Location> directive That you use?
0
 

Author Comment

by:vlg
ID: 6980983
Hello samri

Thanks for helping me after the points have been awarded - lots of people wouldn't do that.
If this isn't a simple fix, I'll give you some more points for your help.
Anyways, the Location directive didn't stop anything, so I used LocationMatch:

This killed everything:

<LocationMatch /*js>
Deny from all
</LocationMatch>

I've been experimenting with this:

<LocationMatch /*js>
Order allow, deny
allow from 127.0.0.1
Deny from all
</LocationMatch>

but it's not working.

Thanks

v
0
 

Author Comment

by:vlg
ID: 6981449
ps - when I say "it's not working" I mean, it's still disallowing all requests for the javascript file, even from the web page.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question