1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Visitors are getting to these pages that should be inaccessible

Discussion in 'Security' started by greatlogix, Dec 5, 2007.

0
  1. #1
    I have some templates files on my site. They are not linked from any page of my site. I am using 'Bold Chat' for site support. This tool allows me to see that on which page a customer is doing some activity. I saw in bold chat that one visitor was accessing my template page _template.php. How a vistior can access this page. How I can prevent visitors from viewing inaccessible pages?

    Please advise.
     
    greatlogix, Dec 5, 2007 IP
  2. BTS

    BTS Active Member

    Messages:
    184
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    58
    #2
    use .htaccess to protect them with login & password
     
    BTS, Dec 6, 2007 IP
  3. hostingonweb

    hostingonweb Peon

    Messages:
    47
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    .htaccess is the best way. You can have a password protected directory.
     
    hostingonweb, Dec 7, 2007 IP
  4. Ladadadada

    Ladadadada Peon

    Messages:
    382
    Likes Received:
    36
    Best Answers:
    0
    Trophy Points:
    0
    #4
    You can do this with a password which would allow you to view the files if you wanted:

    First, you need a password. Use:
    htpasswd -c /path/to/htpasswd greatlogix
    Code (markup):
    Change /path/to to a directory on your system. Make sure the htpasswd file is NOT in your web directory. Otherwise, people may be able to find your encrypted password and crack it.

    If you want to add more users, drop the -c from the command.

    Next, you need this in a .htaccess file:
    AuthUserFile /path/to/htpasswd
AuthType Basic
AuthName "Secret templates"

<Files "_template.php">
  Require valid-user
</Files>
    Code (markup):
    If you remove the <Files> section, the password will be required for the entire directory that the .htaccess is in. If you want more files, just add another <Files> secion with the new filename.

    If you don't need access to the files at all, even with a password, you could simply deny access to all users. This is as simple as a rewrite rule:
    RewriteRule ^_template.php$ - [F]
    Code (markup):
    None of this will have any effect on your PHP code including the template to display your pages. It only affects people requesting your _template.php file directly.

    After all that... is it so much of a problem ? What harm comes from people requesting the template file ?
     
    Ladadadada, Dec 8, 2007 IP
  5. UnknownFury

    UnknownFury Peon

    Messages:
    15
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Just because they're not linked to doesn't mean they can't access it. Use htaccess to password protect it. Or i believe, not 100% sure that if your website is like mine and you have public_html if you don't put it in that it can't be seen but i might be wrong you might be able to use ../
     
    UnknownFury, Dec 9, 2007 IP
  6. ven123

    ven123 Banned

    Messages:
    389
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    0
    #6
    block it using htaccess
     
    ven123, Dec 12, 2007 IP