HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.

Bypass .htaccess protection on a folder?

3stripe3stripe ✭✭
edited February 2006 in Vanilla 1.0 Help
Another non vanilla coding question for anyone who's bored but friendly...

I've got an htaccess protected folder... but need to allow a cgi script running on another host to access this folder... (long story)

I've tried the below which I found, but it's giving me nasty 500 Internal Server Errors, can anyone help with this?

<Directory /usr/local/apache/htdocs/sekrit> AuthType Basic AuthName intranet AuthUserFile /www/passwd/users AuthGroupFile /www/passwd/groups Require group customers Order allow,deny Allow from external.com Satisfy any </Directory>

Comments

  • what does error.log say?
  • Cant you make logins for the cgi script and use them to access the folder? Or does that work?
  • The cgi script is on another site! (It scans the page and reads the text out - but obviously can't get into my password protected folder) Will check error.log files, cheers!
  • I'd imagine letting any old script access your protected files would remove the benefit of protecting them to begin with.
  • It should be possible to only allow access from 1 external ip or domain though?
  • Surely something like

    RewriteCond %{HTTP_REFERER} !friendlysite\.com [NC] would work.

    Not those exact terms but along those lines.
  • Is thie above in an .htaccess file or your apache conf? If the former, drop the <Directory> tags and try just running with the straight rules. FWIW, what you have so far *should* work, as equivalent rules run as expected on my server.
  • yeah it's .htaccess.... not had time to test anything yet but should do today hopefully
  • can you use wget? it supports http authentication...
This discussion has been closed.