Apache Server Web directories access restrictions

Multi tool use
Multi tool useThe name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP


Apache Server Web directories access restrictions



I have set up an apache server, hosting a website.



For example In my website you can play with an online javascript atari roms. Whenever you load a rom in the website, the javascript temporarily downloads it to your browsers cache.



If you for example write website.com/roms/atari.zip you can download this rom. I do not want this.



Is there a way to forbid direct access to this file but also whitelisting access from within the javascript requests?



Many thank you in advance.





you can require a specific request header, which you supply with javascript request, and forbid access without that header. However, if someone knows and provides that header, the file would be accessible with direct link as well. would that be what you want?
– eis
1 hour ago







yes no problem sounds great. but bacuse im a noob how to do this? as you cn see this one neptunjs.xyz/atari.html even though within his javascript you download the game when you go to neptunjs.xyz/roms/atari/E.T. - The Extra-Terrestrial.zip you cant download it.
– immeckro
40 mins ago






1 Answer
1



Requiring Authorization header is one way to do this.



Creating an authentication user:


/path/to/htpasswd -c /etc/htpasswd/.htpasswd downloaduser



And you'd supply the password. Note that the command above will create a new file, overwriting a previous one.



You would configure it in httpd.config like:


<Directory "/var/www/html/roms">
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/etc/htpasswd/.htpasswd"
Require valid-user
</Directory>



Then, with XHR request in javascript,


req.setRequestHeader('Authorization','Basic ' + Base64StringOfUserColonPassword);



base64StringOFUserColonPassword is what the name implies, you can get it like window.btoa(username + ":" + password)), or with base64 command line command.


window.btoa(username + ":" + password))


base64



Further reading:



Edit: there are xampp specific instructions for example here: http://chandanpatra.blogspot.com/2013/08/basic-authentication-with-htpasswd-in.html. The process is as I outlined for xampp as well.





thank you for all of this but im running apache through xampp on windows..
– immeckro
7 mins ago





@immeckro only part of my answer that is not directly applicable to windows is htpasswd command. you can use web tool like htaccesstools.com/htpasswd-generator-windows instead of command line.
– eis
5 mins ago





@immeckro added xampp-specific link in my answer now
– eis
4 mins ago






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

Nx6,D8uPdirUHfAEpsvaG,hul e2sd0H6gwPc qoXBPha7rspf0BxPb1 x p LM
-
6vBxCvrEkr,D6Zv1hbVcfZGvvzxuxX,8,Y12VTFfLG1c euUdC1ns55U 1Mxlt UXDQ sEBx9nS,Ef

Popular posts from this blog

Makefile test if variable is not empty

Makefile test if variable is not empty In a makefile I'm trying to I've created this simplified makefile to demonstrate my problem. Neither make a or make b executes the body of the if, I don't understand why not. make a make b .PHONY: a b a: $(eval MY_VAR = $(shell echo whatever)) @echo MY_VAR is $(MY_VAR) $(info $(MY_VAR)) ifneq ($(strip $(MY_VAR)),) @echo "should be executed" endif @echo done b: $(eval MY_VAR = $(shell echo '')) @echo MY_VAR is $(MY_VAR) $(info $(MY_VAR)) ifneq ($(strip $(MY_VAR)),) @echo "should not be executed" endif @echo done I'm using $ make --version GNU Make 3.81 There are several problems, and misunderstandings. Your MY_VAR is a make variable, set it without a <tab> to its value, and no need to $(eval ...) . MY_VAR:=$(shell echo whatever) is enough. No <tab> before $(info ...) neither, this is make – Zelnes ...
Read more

Will Oldham

Image
"Palace Music" redirects here. For the racehorse, see Palace Music (horse). Bonnie 'Prince' Billy Will Oldham, June 6, 2009 Background information Birth name William Oldham Also known as Palace Brothers Palace Music Bonnie 'Prince' Billy Born ( 1970-12-24 ) December 24, 1970 (age 47) Louisville, Kentucky, United States Genres Folk alternative country country freak folk [1] Years active 1993–present Labels Drag City, Domino, Spunk Associated acts Dawn McCarthy, The Cairo Gang, Mekons, Matt Sweeney, Mick Turner, Tortoise, Trembling Bells, Harem Scarem, The Picket Line, Alex Neilson, Björk, Slint Website www.bonnieprincebilly.com Will Oldham (born December 24, 1970), better known by the stage name Bonnie 'Prince' Billy , is an American singer-songwriter and actor. From 1993 to 1997, he performed and recorded under variations of the Palace name, including the Palace Brothers, Palace Songs, and Palace Music. After releasing material under his own name,...
Read more

Visual Studio Code: How to configure includePath for better IntelliSense results

Image
Clash Royale CLAN TAG #URR8PPP Visual Studio Code: How to configure includePath for better IntelliSense results so I am a complete beginner to using Visual Studio Code and I have no clue what I am doing. I've searched around (maybe not enough), but I cant find just a simple explanation for someone like me on how to configure the c_cpp_properties.json file that I am redirected to whenever I click on the yellow lightbulb next to a line that is underlined with a green squiggle. Lightbulb example c_cpp_properties.json I just want to know what to put in the .json to make IntelliSense work properly This question has answers that may be good or bad; the system has marked it active so that they can be reviewed. 2 Answers 2 From: https://code.visualstudio.com/docs/languages/cpp Below you can see that the MinGW C++ include path has been added to browse.path for Windows: { "name": "Win32...
Read more