Bypass .htaccess protection on a folder?

3stripe · January 2006

Another non vanilla coding question for anyone who's bored but friendly...

I've got an htaccess protected folder... but need to allow a cgi script running on another host to access this folder... (long story)

I've tried the below which I found, but it's giving me nasty 500 Internal Server Errors, can anyone help with this?

<Directory /usr/local/apache/htdocs/sekrit>
  AuthType Basic
  AuthName intranet
  AuthUserFile /www/passwd/users
  AuthGroupFile /www/passwd/groups
  Require group customers
  Order allow,deny
  Allow from external.com
  Satisfy any
</Directory>

ithcy · January 2006

what does error.log say?

Kosmo · February 2006

Cant you make logins for the cgi script and use them to access the folder? Or does that work?

3stripe · February 2006

The cgi script is on another site! (It scans the page and reads the text out - but obviously can't get into my password protected folder) Will check error.log files, cheers!

Bergamot · February 2006

I'd imagine letting any old script access your protected files would remove the benefit of protecting them to begin with.

3stripe · February 2006

It should be possible to only allow access from 1 external ip or domain though?

giginger · February 2006

Surely something like

RewriteCond %{HTTP_REFERER} !friendlysite\.com [NC] would work.

Not those exact terms but along those lines.

bshultz · February 2006

Is thie above in an .htaccess file or your apache conf? If the former, drop the <Directory> tags and try just running with the straight rules. FWIW, what you have so far *should* work, as equivalent rules run as expected on my server.

3stripe · February 2006

yeah it's .htaccess.... not had time to test anything yet but should do today hopefully

ithcy · February 2006

can you use wget? it supports http authentication...

Bypass .htaccess protection on a folder?

Comments