Imagine you have a website and a subdirectory (say, http://example.com/gallery/) and you now want to make use of a subdomain instead (say, http://gallery.example.com)

Doesn't sound too hard, does it?

Sat, 01/05/2010 - 19:31 — horuskol

Using the or directives to restrict access to specific areas of a website only works if there is actually a physical file or directory. But as more and more site frameworks are using rewritten URLs, the chances of a URL mapping to a physical file or directory are getting pretty slim.

So, what can you do in these circumstances?

Well, something like this:

Satisfy any
 
Order allow,deny
 
SetEnvIf Request_URI "^/admin" admin
Deny from env=admin
 
AuthUserFile /var/www/your-website/.htpasswd
AuthType Basic
AuthName "Authentication Required"

Sat, 01/05/2010 - 19:00 — horuskol

If you want to restrict access to a specific directory, such as an administration section, you have a couple of options. First, you can drop a .htaccess file into the directory which you want to restrict and set it up like this:

AuthUserFile /var/www/your-website/.htpasswd
AuthType Basic
AuthName "Authentication Required"
 
Require valid-user

Sat, 01/05/2010 - 18:39 — horuskol

This should be fairly useful - it sets up a trusted connection (always allow access to people on a specific network) and requires authentication for anyone else outside of that network.

Satisfy any
 
Order deny,allow
Deny from all
 
Allow from 192.168.1
 
AuthUserFile /var/www/your-website/.htpasswd
AuthType Basic
AuthName "Authentication Required"
 
Require valid-user

Satisfy Directive

Sat, 01/05/2010 - 18:17 — horuskol

If you want to lockdown your website, but do not need a full user access solution built in PHP or ASP, etc, you can make use of a variety of authentication options with Apache.

This example uses the basic authentication methods available to the core of Apache httpd:

AuthUserFile /var/www/your-website/.htpasswd
AuthType Basic
AuthName "Authentication Required"
Require valid-user

.htpasswd file

Sat, 01/05/2010 - 17:48 — horuskol

First off, restricting access to your entire website is pretty easy.

All you need to do is put the following at the top of the .htaccess file in your website's document root:

Order deny,allow
Deny from all

This will prevent anyone from seeing your website. Admittedly, not terribly useful, but it's a start.

It is important not to have a space in 'deny,allow', as this will cause an Apache server error.

Sat, 01/05/2010 - 17:14 — horuskol

For most applications, there really isn't all that much to Apache configuration beyond setting up the virtual host and document root.

But Apache has a lot more to offer, and this set of articles will show how to set up some security on your site.

Mon, 01/03/2010 - 19:50 — horuskol

As I go further down the rabbit hole that is web-development, and break away from the path of pre-built libraries and frameworks, I just keep learning more.

A few weeks ago I finally got around to creating my own collection class - for the uninitiated, a collection is a way of creating something that behaves like an array, but with the added advantage of having inheritable and extensible methods, like an object.

Sat, 02/05/2009 - 23:27 — horuskol

One of my major projects at the moment is a large subscription-based knowledge-base management system. Along with the actual content management for the site, another major requirement for the site is to make the information as easy to find as possible – utilising organisation, related keywords, and, of course, a search engine. One of the design decisions was not to use an indexing script, as all of the content was already stored in the database, and a custom search engine would be easier to configure to add bias and weighting to particular sections of the content.

Sun, 31/08/2008 - 20:41 — horuskol

It's been a web design mantra for years now - tables are for data, not for structure.

The simple reason is that it is easier to apply CSS positioning to elements outside of tables - whereas, moving a table cell has compounding knock-on effects - column and row issues which need to be cleaned up before the table will be valid and display properly again.

Another reason is that tables used for structure do not make use of a lot of the other related elements which help browsers to render the table (colgroups, for example), making them pretty slow to display on a page.