No announcement yet.

.htaccess, pw protection, and more

  • Filter
  • Time
  • Show
Clear All
new posts

  • .htaccess, pw protection, and more

    Alrighty, I use the following code to prevent hotlinking:

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?*$ [NC]
    RewriteRule \.(gif|jpg|js|css)$ - [F]
    Now, presently this is in .htaccess, which is located in my _html directory. HOWEVER, I'm going to be doing the whole .htpasswd thing, which requires that .htaccess be moved to the root directory.

    HOWEVER, I saw this code:

    <Files .htaccess>
    order allow,deny
    deny from all
    </Files> Now, if I put that in the .htaccess that I use to prevent hotlinking, wouldn't that prevent the function of that, and allow hotlinking again, since it can't be read anymore?

    If that's the case, would I need a separate .htaccess to link to .htpasswd? IE I'd have an open .htaccess in my _html directory to prevent hotlinking. Then I'd have another one in my root directory pointing to .htpasswd (Unless I can have an open .htaccess and a closed one both in the _html directory).

    Alright I'm new to this whole thing, here's what I want to do:

    Stop hotlinking (presently .htaccess is in the _html directory)

    Use the password protection (presently there's a .htpasswd FOLDER in my root directory, dunno what I should use this for, I guess this is for multiple pw protections).

    Here's what I understand I need to do:

    Put a .htpasswd file (which I don't know how to create yet with that .extension) in my .htpasswd folder.

    Put a .htaccess file SOMEWHERE to protect my PWs, and this will point BACK to .htpasswd. However, where do I put it and do i put that deny access code since it'll (I think) have to go somewhere in the _html directory.

    This is a really confusing post, I hope someone can help.

  • #2
    Alright I'll leave that up but let me see if I can say it better.

    I'm using the code posted first to prevent hotlinking, which is in my .htaccess file which is in my public_html folder (all my VB files are here, I do not use a /forums or whatever).

    Now, from what I understand, I'll be putting a .htpasswd file (DO NOT KNOW how to create, and how to upload as ASCII instead of binary) into my .htpasswd folder (already created).

    Then, I'll be using .htaccess (not sure where to put it) to link back to .htpasswd's location. This will complete the loop.

    However, in order to prevent access to .htaccess (since it'll be in the open due to its necessary location) I'll need to CHmod it to 644 OR use the code posted above.

    However, once I've got .htaccess in place (assuming I don't create another one and it's in the same place) if I do either of these (code or CHMod to prevent access) I'll also prevent access to the hotlink protection, right?

    So, my question is how many .htaccess do I need?

    And where do I put them. I'm guessing I leave the original one alone and open for viewing.

    However, the one to prevent access to the cPanel I'm not sure where to put. And should I prevent access to admin_cp as well as cPanel and if so, where do I put that?


    Related Topics