parvinderg
asked on
Is it wise (&feasible) for me to use .htaccess file for my application??
Hi Mr. Hoffman and Mr. Samri,
How u doin? Well i want to clarify that is it wise and feasible to write .htaccess file for my application which will be live24/7 to thousands of users. Actually if you remember i have been constantly taking your and Samri's able guidance for hosting my application live. Still to refresh your memory i posted my query at (https://www.experts-exchange.com/questions/21100303/Precautions-to-Host-my-Live-application.html). I have almost implemented all the things which you guys suggested. My envt is RHL 9.0/ Apache2.0 with mod_mono/ Mono 1.0. The users will be accessing some other directories too in the main application directory. e.g if i have placed the application directory "apps" as under /var/www/html/apps, now in this apps directory i have some other directories which the users will be needing to retrieve some data for thier use. Should i check for the authentication at that level tool? All I want is that only valid users may have access to that data. Although at the first entry point the .NET applcation asks for the authentication of the valid user but i was still wondering from my, i mean Apache's point of view. I dont know whether this is a valid question or not and i think you are in a better position to guide me. So from that point of view what do you suggest? I would really appreciate if you could guide me step by step...
Thanks in advance
Regards!!
How u doin? Well i want to clarify that is it wise and feasible to write .htaccess file for my application which will be live24/7 to thousands of users. Actually if you remember i have been constantly taking your and Samri's able guidance for hosting my application live. Still to refresh your memory i posted my query at (https://www.experts-exchange.com/questions/21100303/Precautions-to-Host-my-Live-application.html). I have almost implemented all the things which you guys suggested. My envt is RHL 9.0/ Apache2.0 with mod_mono/ Mono 1.0. The users will be accessing some other directories too in the main application directory. e.g if i have placed the application directory "apps" as under /var/www/html/apps, now in this apps directory i have some other directories which the users will be needing to retrieve some data for thier use. Should i check for the authentication at that level tool? All I want is that only valid users may have access to that data. Although at the first entry point the .NET applcation asks for the authentication of the valid user but i was still wondering from my, i mean Apache's point of view. I dont know whether this is a valid question or not and i think you are in a better position to guide me. So from that point of view what do you suggest? I would really appreciate if you could guide me step by step...
Thanks in advance
Regards!!
Addition: You may take a look at Apache FAQ at http://httpd.apache.org/docs/misc/FAQ.html
Specif section : "G. Authentication and Access Restrictions"
cheers.
Specif section : "G. Authentication and Access Restrictions"
cheers.
ASKER
Thx Samri....I will just implement all these things and let u know..I m in US...btw where dya live?
Regards
Regards
If you don't like the .htaccess files in all over the place, you can use ONE file to crontrol
the login access. (eg: access.conf, or what evername you want to called it).
Just make sure that you httpd.conf has something looks like:
AccessConfig /etc/apache/access.conf
the login access. (eg: access.conf, or what evername you want to called it).
Just make sure that you httpd.conf has something looks like:
AccessConfig /etc/apache/access.conf
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
parvinderg,
Somewhere in GMT+8 timezone. It's in Kuala Lumpur - *just woked up after 8 hours of hibernation :)
Somewhere in GMT+8 timezone. It's in Kuala Lumpur - *just woked up after 8 hours of hibernation :)
ASKER
Hi Samri...
How u doin? It all great here:). Samri can u please help me in clarifying something about protecting server files in context to my case. How can i implement it when it comes to my application. What syntax do i need to write?
This is the link about which i need some explaination.
http://httpd.apache.org/docs-2.0/misc/security_tips.html#protectserverfiles
Regards
How u doin? It all great here:). Samri can u please help me in clarifying something about protecting server files in context to my case. How can i implement it when it comes to my application. What syntax do i need to write?
This is the link about which i need some explaination.
http://httpd.apache.org/docs-2.0/misc/security_tips.html#protectserverfiles
Regards
ASKER
can u explain especially about :
<Directory /usr/users/*/public_html>
Regards
<Directory /usr/users/*/public_html>
Regards
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks a lot Samri and yuzh...
Regards
Regards
i am almost off to bed.
Regarding validity -- yes, as long as your question has "apache" word in it. :)
So we are looking at the following directory tree:
/var/www/html
/var/www/html/apps
/var/www/html/otherstuff
...
and quick answer, YES, you could use .htaccess to protect the stuff in any folder. But first, jump to the usual :
http://httpd.apache.org/docs-2.0/howto/auth.html on protection and stuff.
http://httpd.apache.org/docs-2.0/howto/htaccess.html on more info on .htaccess
Most of the information is pretty much laid down by the Apache team there.
Basically, once you had protected the a directory (either in .htaccess in that folder, or in <Directory>.. tag in server config), the ACL is pretty much inherited to the folder underneath. As for your directory tree-- if you had protected /var/www/html/apps, andything /var/www/html/apps/apps1, /var/www/html/apps/apps2, /var/www/html/apps/apps3 etc. would be protected. Any access to any resource within that directory tree would be greeted with a password pop-up box.
Hope this could give you a kick start.