Learn how to a build a cloud-first strategyRegister Now


htaccess subfolder

Posted on 2005-04-11
Medium Priority
Last Modified: 2008-01-09
I have an htaccess file that users login as a client.  All clients with a password can get to this folder.  I also want clients to have access to their own subfolder.  can I allow clients access to their own subfolder without a second login prompt while still narrowing the access to the subfolders so that all clients do not have access to all folders?
Question by:jimfrith
  • 3
LVL 24

Expert Comment

ID: 13758585
Oooo, fun.

You are using Apache I presume?  On Windows or Linux?
LVL 17

Expert Comment

ID: 13767323
If i understannd it correctly, each folder has its own .htaccess file. Each .htaccess file *can* specify a separate .htpasswd file or use a common one. So you can protect each folder as much or as little as you want. I'm not sure, however, if the way the browser cookies work mean that logging in to one folder as UserX means you can access a second folder as the same user without logging in again.

I can feel an experiment coming along.
LVL 24

Expert Comment

ID: 13767418
Well, htaccess files don't create cookies anyway, they cause the browser to authenticate with the server - which is nothing to do with cookies.  This means that if you have a Save Password option (Firefox does, as does Internet Destroyer... I mean, Explorer) that should be fine.
LVL 24

Accepted Solution

purplepomegranite earned 2000 total points
ID: 13767456
Full details for htaccess are found here: http://httpd.apache.org/docs-2.0/howto/htaccess.html

Points worth noting btw, copied straight from Apache documentation:

There are two main reasons to avoid the use of .htaccess files.

The first of these is performance. When AllowOverride is set to allow the use of .htaccess files, Apache will look in every directory for .htaccess files. Thus, permitting .htaccess files causes a performance hit, whether or not you actually even use them! Also, the .htaccess file is loaded every time a document is requested.

The second consideration is one of security. You are permitting users to modify server configuration, which may result in changes over which you have no control. Carefully consider whether you want to give your users this privilege. Note also that giving users less privileges than they need will lead to additional technical support requests. Make sure you clearly tell your users what level of privileges you have given them. Specifying exactly what you have set AllowOverride to, and pointing them to the relevant documentation, will save yourself a lot of confusion later.

Note that it is completely equivalent to put a .htaccess file in a directory /www/htdocs/example containing a directive, and to put that same directive in a Directory section <Directory /www/htdocs/example> in your main server configuration:

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
Securing your business data in current era should be your biggest priority. Numerous people are unaware of the fact that insiders commit more than 60 percent of security breaches. You need to figure out the underlying cause and invoke your potential…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question