| Restricting access to a website [message #174800] |
Mon, 11 July 2011 02:01  |
Graham Hobbs
Messages: 42
Registered: September 2010
Karma: 0
|
Member |
|
|
Hello,
I 'very laboriously' coded my index.php (close to novice level), for
my website and it is up and running. It's not public yet and needs to
stay that way. I need to give the address to two people who will help
with my product's development .. but they could reveal the address
anywhere, inadvertently or otherwise.
If, for example, my website is www .lahdedah. com, I want to allow
full access to these two people (and me:-)) .. others would get a
'Sorry, not yet available' screen. I envision hard coding their home
address's into my index.php?? Am not interested in any additional
typing by these three.
Hope I've been clear. Is this feasible, easy/hard/unusual?
Please, thanks
Graham
|
|
|
|
| Re: Restricting access to a website [message #174801 is a reply to message #174800] |
Mon, 11 July 2011 02:21  |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 7/10/2011 10:01 PM, Graham Hobbs wrote:
> Hello,
>
> I 'very laboriously' coded my index.php (close to novice level), for
> my website and it is up and running. It's not public yet and needs to
> stay that way. I need to give the address to two people who will help
> with my product's development .. but they could reveal the address
> anywhere, inadvertently or otherwise.
>
> If, for example, my website is www .lahdedah. com, I want to allow
> full access to these two people (and me:-)) .. others would get a
> 'Sorry, not yet available' screen. I envision hard coding their home
> address's into my index.php?? Am not interested in any additional
> typing by these three.
>
> Hope I've been clear. Is this feasible, easy/hard/unusual?
> Please, thanks
> Graham
There are any number of ways to do it, none of which require PHP or any
other server-side language. Try alt.apache.configuration (assuming, of
course, you're using Apache).
Also, unless you are David Small of Small Expressions, you shouldn't be
using his domain name in an example. Use www.example.com, which is
reserved for just such a purpose.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: Restricting access to a website [message #174802 is a reply to message #174801] |
Mon, 11 July 2011 02:49 |
 |
richard
Messages: 213
Registered: June 2013
Karma: 0
|
Senior Member |
|
|
On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle wrote:
> On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>> Hello,
>>
>> I 'very laboriously' coded my index.php (close to novice level), for
>> my website and it is up and running. It's not public yet and needs to
>> stay that way. I need to give the address to two people who will help
>> with my product's development .. but they could reveal the address
>> anywhere, inadvertently or otherwise.
>>
>> If, for example, my website is www .lahdedah. com, I want to allow
>> full access to these two people (and me:-)) .. others would get a
>> 'Sorry, not yet available' screen. I envision hard coding their home
>> address's into my index.php?? Am not interested in any additional
>> typing by these three.
>>
>> Hope I've been clear. Is this feasible, easy/hard/unusual?
>> Please, thanks
>> Graham
>
> There are any number of ways to do it, none of which require PHP or any
> other server-side language. Try alt.apache.configuration (assuming, of
> course, you're using Apache).
>
> Also, unless you are David Small of Small Expressions, you shouldn't be
> using his domain name in an example. Use www.example.com, which is
> reserved for just such a purpose.
You should look at my registration.
Brent Oxley doesn't own my domain.
I just never bothered to change the technical info.
I figure that since that is where the domain is registered at, then that
info satisfies the ICANN rules.
If I need to be contacted, the registrar can contact me directly any time.
|
|
|
|
| Re: Restricting access to a website [message #174804 is a reply to message #174800] |
Mon, 11 July 2011 07:17 |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
Graham Hobbs wrote:
> Hello,
>
> I 'very laboriously' coded my index.php (close to novice level), for
> my website and it is up and running. It's not public yet and needs to
> stay that way. I need to give the address to two people who will help
> with my product's development .. but they could reveal the address
> anywhere, inadvertently or otherwise.
>
> If, for example, my website is www .lahdedah. com, I want to allow
> full access to these two people (and me:-)) .. others would get a
> 'Sorry, not yet available' screen. I envision hard coding their home
> address's into my index.php?? Am not interested in any additional
> typing by these three.
>
> Hope I've been clear. Is this feasible, easy/hard/unusual?
> Please, thanks
> Graham
If they are on fixed IP, its a snap to respond differently to them.
If they are on dynamic addresses the quick hack is to drop a password
protection file (.htaccess typically) in the server root directory and
create usernames and passwords for them.
But that's an apache setup issue, and off topic here.
|
|
|
|
| Re: Restricting access to a website [message #174808 is a reply to message #174802] |
Mon, 11 July 2011 10:38 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 7/10/2011 10:49 PM, richard wrote:
> On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle wrote:
>
>> On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>>> Hello,
>>>
>>> I 'very laboriously' coded my index.php (close to novice level), for
>>> my website and it is up and running. It's not public yet and needs to
>>> stay that way. I need to give the address to two people who will help
>>> with my product's development .. but they could reveal the address
>>> anywhere, inadvertently or otherwise.
>>>
>>> If, for example, my website is www .lahdedah. com, I want to allow
>>> full access to these two people (and me:-)) .. others would get a
>>> 'Sorry, not yet available' screen. I envision hard coding their home
>>> address's into my index.php?? Am not interested in any additional
>>> typing by these three.
>>>
>>> Hope I've been clear. Is this feasible, easy/hard/unusual?
>>> Please, thanks
>>> Graham
>>
>> There are any number of ways to do it, none of which require PHP or any
>> other server-side language. Try alt.apache.configuration (assuming, of
>> course, you're using Apache).
>>
>> Also, unless you are David Small of Small Expressions, you shouldn't be
>> using his domain name in an example. Use www.example.com, which is
>> reserved for just such a purpose.
>
> You should look at my registration.
> Brent Oxley doesn't own my domain.
> I just never bothered to change the technical info.
> I figure that since that is where the domain is registered at, then that
> info satisfies the ICANN rules.
>
> If I need to be contacted, the registrar can contact me directly any time.
Which has absolutely nothing to do with what I said.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: Restricting access to a website [message #174815 is a reply to message #174801] |
Mon, 11 July 2011 20:08 |
Graham Hobbs
Messages: 42
Registered: September 2010
Karma: 0
|
Member |
|
|
On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle
<jstucklex(at)attglobal(dot)net> wrote:
> On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>> Hello,
>>
>> I 'very laboriously' coded my index.php (close to novice level), for
>> my website and it is up and running. It's not public yet and needs to
>> stay that way. I need to give the address to two people who will help
>> with my product's development .. but they could reveal the address
>> anywhere, inadvertently or otherwise.
>>
>> If, for example, my website is www .lahdedah. com, I want to allow
>> full access to these two people (and me:-)) .. others would get a
>> 'Sorry, not yet available' screen. I envision hard coding their home
>> address's into my index.php?? Am not interested in any additional
>> typing by these three.
>>
>> Hope I've been clear. Is this feasible, easy/hard/unusual?
>> Please, thanks
>> Graham
>
> There are any number of ways to do it, none of which require PHP or any
> other server-side language. Try alt.apache.configuration (assuming, of
> course, you're using Apache).
>
> Also, unless you are David Small of Small Expressions, you shouldn't be
> using his domain name in an example. Use www.example.com, which is
> reserved for just such a purpose.
---
Jerry, folks, thanks,
Will check into alt.apache.configuration and apologies about lahdedah,
didn't know about example.com.
But I wasn't emphatic enough .. yes I would know their IP addresses so
CAN I hard code them in my index.php? Yes or no would do and a PHP
buzzword I might search on to get started .. I just prefer all my code
in one place.
... am definitely not interested in extra keying of passwords by my two
associates.
Thanks,
Graham
|
|
|
|
| Re: Restricting access to a website [message #174817 is a reply to message #174815] |
Mon, 11 July 2011 21:29 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 7/11/2011 4:08 PM, Graham Hobbs wrote:
> On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle
> <jstucklex(at)attglobal(dot)net> wrote:
>
>> On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>>> Hello,
>>>
>>> I 'very laboriously' coded my index.php (close to novice level), for
>>> my website and it is up and running. It's not public yet and needs to
>>> stay that way. I need to give the address to two people who will help
>>> with my product's development .. but they could reveal the address
>>> anywhere, inadvertently or otherwise.
>>>
>>> If, for example, my website is www .lahdedah. com, I want to allow
>>> full access to these two people (and me:-)) .. others would get a
>>> 'Sorry, not yet available' screen. I envision hard coding their home
>>> address's into my index.php?? Am not interested in any additional
>>> typing by these three.
>>>
>>> Hope I've been clear. Is this feasible, easy/hard/unusual?
>>> Please, thanks
>>> Graham
>>
>> There are any number of ways to do it, none of which require PHP or any
>> other server-side language. Try alt.apache.configuration (assuming, of
>> course, you're using Apache).
>>
>> Also, unless you are David Small of Small Expressions, you shouldn't be
>> using his domain name in an example. Use www.example.com, which is
>> reserved for just such a purpose.
> ---
> Jerry, folks, thanks,
>
> Will check into alt.apache.configuration and apologies about lahdedah,
> didn't know about example.com.
>
> But I wasn't emphatic enough .. yes I would know their IP addresses so
> CAN I hard code them in my index.php? Yes or no would do and a PHP
> buzzword I might search on to get started .. I just prefer all my code
> in one place.
>
> .. am definitely not interested in extra keying of passwords by my two
> associates.
>
> Thanks,
> Graham
You definitely need alt.apache.configuration. No need to do anything to
your php code.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: Restricting access to a website [message #174819 is a reply to message #174817] |
Mon, 11 July 2011 22:21 |
Graham Hobbs
Messages: 42
Registered: September 2010
Karma: 0
|
Member |
|
|
On Mon, 11 Jul 2011 17:29:08 -0400, Jerry Stuckle
<jstucklex(at)attglobal(dot)net> wrote:
> On 7/11/2011 4:08 PM, Graham Hobbs wrote:
>> On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle
>> <jstucklex(at)attglobal(dot)net> wrote:
>>
>>> On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>>>> Hello,
>>>>
>>>> I 'very laboriously' coded my index.php (close to novice level), for
>>>> my website and it is up and running. It's not public yet and needs to
>>>> stay that way. I need to give the address to two people who will help
>>>> with my product's development .. but they could reveal the address
>>>> anywhere, inadvertently or otherwise.
>>>>
>>>> If, for example, my website is www .lahdedah. com, I want to allow
>>>> full access to these two people (and me:-)) .. others would get a
>>>> 'Sorry, not yet available' screen. I envision hard coding their home
>>>> address's into my index.php?? Am not interested in any additional
>>>> typing by these three.
>>>>
>>>> Hope I've been clear. Is this feasible, easy/hard/unusual?
>>>> Please, thanks
>>>> Graham
>>>
>>> There are any number of ways to do it, none of which require PHP or any
>>> other server-side language. Try alt.apache.configuration (assuming, of
>>> course, you're using Apache).
>>>
>>> Also, unless you are David Small of Small Expressions, you shouldn't be
>>> using his domain name in an example. Use www.example.com, which is
>>> reserved for just such a purpose.
>> ---
>> Jerry, folks, thanks,
>>
>> Will check into alt.apache.configuration and apologies about lahdedah,
>> didn't know about example.com.
>>
>> But I wasn't emphatic enough .. yes I would know their IP addresses so
>> CAN I hard code them in my index.php? Yes or no would do and a PHP
>> buzzword I might search on to get started .. I just prefer all my code
>> in one place.
>>
>> .. am definitely not interested in extra keying of passwords by my two
>> associates.
>>
>> Thanks,
>> Graham
>
> You definitely need alt.apache.configuration. No need to do anything to
> your php code.
OK, thanks.
|
|
|
|
| Re: Restricting access to a website [message #174820 is a reply to message #174817] |
Mon, 11 July 2011 23:24 |
Chuck Anderson
Messages: 63
Registered: September 2010
Karma: 0
|
Member |
|
|
Jerry Stuckle wrote:
> On 7/11/2011 4:08 PM, Graham Hobbs wrote:
>> On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle
>> <jstucklex(at)attglobal(dot)net> wrote:
>>
>>> On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>>>> Hello,
>>>>
>>>> I 'very laboriously' coded my index.php (close to novice level), for
>>>> my website and it is up and running. It's not public yet and needs to
>>>> stay that way. I need to give the address to two people who will help
>>>> with my product's development .. but they could reveal the address
>>>> anywhere, inadvertently or otherwise.
>>>>
>>>> If, for example, my website is www .lahdedah. com, I want to allow
>>>> full access to these two people (and me:-)) .. others would get a
>>>> 'Sorry, not yet available' screen. I envision hard coding their home
>>>> address's into my index.php?? Am not interested in any additional
>>>> typing by these three.
>>>>
>>>> Hope I've been clear. Is this feasible, easy/hard/unusual?
>>>> Please, thanks
>>>> Graham
>>>
>>> There are any number of ways to do it, none of which require PHP or any
>>> other server-side language. Try alt.apache.configuration (assuming, of
>>> course, you're using Apache).
>>>
>>> Also, unless you are David Small of Small Expressions, you shouldn't be
>>> using his domain name in an example. Use www.example.com, which is
>>> reserved for just such a purpose.
>> ---
>> Jerry, folks, thanks,
>>
>> Will check into alt.apache.configuration and apologies about lahdedah,
>> didn't know about example.com.
>>
>> But I wasn't emphatic enough .. yes I would know their IP addresses so
>> CAN I hard code them in my index.php? Yes or no would do and a PHP
>> buzzword I might search on to get started .. I just prefer all my code
>> in one place.
>>
>> .. am definitely not interested in extra keying of passwords by my two
>> associates.
>>
>> Thanks,
>> Graham
>
> You definitely need alt.apache.configuration. No need to do anything
> to your php code.
>
If you know the IP addrs - simply compare them to the Php global
$SERVER['REMOTE_ADDR'].
--
*****************************
Chuck Anderson • Boulder, CO
http://cycletourist.com
Turn Off, Tune Out, Drop In
*****************************
|
|
|
|
| Re: Restricting access to a website [message #174821 is a reply to message #174815] |
Mon, 11 July 2011 23:43 |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
Graham Hobbs wrote:
> On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle
> <jstucklex(at)attglobal(dot)net> wrote:
>
>> On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>>> Hello,
>>>
>>> I 'very laboriously' coded my index.php (close to novice level), for
>>> my website and it is up and running. It's not public yet and needs to
>>> stay that way. I need to give the address to two people who will help
>>> with my product's development .. but they could reveal the address
>>> anywhere, inadvertently or otherwise.
>>>
>>> If, for example, my website is www .lahdedah. com, I want to allow
>>> full access to these two people (and me:-)) .. others would get a
>>> 'Sorry, not yet available' screen. I envision hard coding their home
>>> address's into my index.php?? Am not interested in any additional
>>> typing by these three.
>>>
>>> Hope I've been clear. Is this feasible, easy/hard/unusual?
>>> Please, thanks
>>> Graham
>> There are any number of ways to do it, none of which require PHP or any
>> other server-side language. Try alt.apache.configuration (assuming, of
>> course, you're using Apache).
>>
>> Also, unless you are David Small of Small Expressions, you shouldn't be
>> using his domain name in an example. Use www.example.com, which is
>> reserved for just such a purpose.
> ---
> Jerry, folks, thanks,
>
> Will check into alt.apache.configuration and apologies about lahdedah,
> didn't know about example.com.
>
> But I wasn't emphatic enough .. yes I would know their IP addresses so
> CAN I hard code them in my index.php? Yes or no would do and a PHP
yes.
one of the preset global variables says what the remote ip address is.
$REMOTE_ADDR I think.
so
add this somewhere (coded in php obviously)
if not ($REMOTE_ADRR==my mates addresse)
print fuck off
exit
endif
> buzzword I might search on to get started .. I just prefer all my code
> in one place.
>
> .. am definitely not interested in extra keying of passwords by my two
> associates.
>
> Thanks,
> Graham
|
|
|
|
| Re: Restricting access to a website [message #174822 is a reply to message #174820] |
Tue, 12 July 2011 00:38 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 7/11/2011 7:24 PM, Chuck Anderson wrote:
> Jerry Stuckle wrote:
>> On 7/11/2011 4:08 PM, Graham Hobbs wrote:
>>> On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle
>>> <jstucklex(at)attglobal(dot)net> wrote:
>>>
>>>> On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>>>> > Hello,
>>>> >
>>>> > I 'very laboriously' coded my index.php (close to novice level), for
>>>> > my website and it is up and running. It's not public yet and needs to
>>>> > stay that way. I need to give the address to two people who will help
>>>> > with my product's development .. but they could reveal the address
>>>> > anywhere, inadvertently or otherwise.
>>>> >
>>>> > If, for example, my website is www .lahdedah. com, I want to allow
>>>> > full access to these two people (and me:-)) .. others would get a
>>>> > 'Sorry, not yet available' screen. I envision hard coding their home
>>>> > address's into my index.php?? Am not interested in any additional
>>>> > typing by these three.
>>>> >
>>>> > Hope I've been clear. Is this feasible, easy/hard/unusual?
>>>> > Please, thanks
>>>> > Graham
>>>>
>>>> There are any number of ways to do it, none of which require PHP or any
>>>> other server-side language. Try alt.apache.configuration (assuming, of
>>>> course, you're using Apache).
>>>>
>>>> Also, unless you are David Small of Small Expressions, you shouldn't be
>>>> using his domain name in an example. Use www.example.com, which is
>>>> reserved for just such a purpose.
>>> ---
>>> Jerry, folks, thanks,
>>>
>>> Will check into alt.apache.configuration and apologies about lahdedah,
>>> didn't know about example.com.
>>>
>>> But I wasn't emphatic enough .. yes I would know their IP addresses so
>>> CAN I hard code them in my index.php? Yes or no would do and a PHP
>>> buzzword I might search on to get started .. I just prefer all my code
>>> in one place.
>>>
>>> .. am definitely not interested in extra keying of passwords by my two
>>> associates.
>>>
>>> Thanks,
>>> Graham
>>
>> You definitely need alt.apache.configuration. No need to do anything
>> to your php code.
>>
>
> If you know the IP addrs - simply compare them to the Php global
> $SERVER['REMOTE_ADDR'].
>
>
No need to even go to that trouble. It can all be done in the Apache
configuration with no changes to the web pages at all.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: Restricting access to a website [message #174826 is a reply to message #174819] |
Tue, 12 July 2011 14:27 |
Michael Fesser
Messages: 215
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
.oO(Graham Hobbs)
> On Mon, 11 Jul 2011 17:29:08 -0400, Jerry Stuckle
>>
>> You definitely need alt.apache.configuration. No need to do anything to
>> your php code.
>
> OK, thanks.
Or search the Web for tutorials. The keyword to look for is "HTTP Basic
Authentication".
Micha
|
|
|
|
| Re: Restricting access to a website [message #174827 is a reply to message #174826] |
Tue, 12 July 2011 15:23 |
Graham Hobbs
Messages: 42
Registered: September 2010
Karma: 0
|
Member |
|
|
On Tue, 12 Jul 2011 16:27:09 +0200, Michael Fesser <netizen(at)gmx(dot)de>
wrote:
> .oO(Graham Hobbs)
>
>> On Mon, 11 Jul 2011 17:29:08 -0400, Jerry Stuckle
>>>
>>> You definitely need alt.apache.configuration. No need to do anything to
>>> your php code.
>>
>> OK, thanks.
>
> Or search the Web for tutorials. The keyword to look for is "HTTP Basic
> Authentication".
>
> Micha
I will, thanks muchly!
|
|
|
|
| Re: Restricting access to a website [message #174828 is a reply to message #174800] |
Tue, 12 July 2011 16:32 |
Man-wai Chang
Messages: 11
Registered: December 2010
Karma: 0
|
Junior Member |
|
|
> If, for example, my website is www .lahdedah. com, I want to allow
> full access to these two people (and me:-)) .. others would get a
> 'Sorry, not yet available' screen. I envision hard coding their home
> address's into my index.php?? Am not interested in any additional
> typing by these three.
Why not just use http_access passwd?
--
@~@ You have the right to remain silent.
/ v \ Simplicity is Beauty! May the Force and farces be with you!
/( _ )\ (x86_64 Ubuntu 9.10) Linux 2.6.39.3
^ ^ 00:27:01 up 5:56 0 users load average: 1.40 1.11 1.08
不借貸! 不詐騙! 不援交! 不打交! 不打劫! 不自殺! 請考慮綜援 (CSSA):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa
|
|
|
|
| Re: Restricting access to a website [message #174829 is a reply to message #174826] |
Tue, 12 July 2011 16:33 |
Chuck Anderson
Messages: 63
Registered: September 2010
Karma: 0
|
Member |
|
|
Michael Fesser wrote:
> .oO(Graham Hobbs)
>
>
>> On Mon, 11 Jul 2011 17:29:08 -0400, Jerry Stuckle
>>
>>> You definitely need alt.apache.configuration. No need to do anything to
>>> your php code.
>>>
>> OK, thanks.
>>
>
> Or search the Web for tutorials. The keyword to look for is "HTTP Basic
> Authentication".
>
> Micha
>
This will still require user input (a password), and the the OP said ...
> .... I envision hard coding their home
> address's into my index.php?? Am not interested in any additional
> typing by these three.
So it would seem that the simplest solution that fits this bill is:
if ($_SERVER['REMOTE_ADDR'] != $ipaddr1 AND
$_SERVER['REMOTE_ADDR'] != $ipaddr2)
{
echo 'Sorry, not yet available';
exit;
}
--
*****************************
Chuck Anderson • Boulder, CO
http://cycletourist.com
Turn Off, Tune Out, Drop In
*****************************
|
|
|
|
| Re: Restricting access to a website [message #174830 is a reply to message #174800] |
Tue, 12 July 2011 16:34 |
Man-wai Chang
Messages: 11
Registered: December 2010
Karma: 0
|
Junior Member |
|
|
> If, for example, my website is www .lahdedah. com, I want to allow
> full access to these two people (and me:-)) .. others would get a
> 'Sorry, not yet available' screen. I envision hard coding their home
> address's into my index.php?? Am not interested in any additional
> typing by these three.
Another solution:
1. set your apache to access only 127.0.0.1 access
2. install and configure openssh server
3. remote user login your server and access apache via tunneling
--
@~@ You have the right to remain silent.
/ v \ Simplicity is Beauty! May the Force and farces be with you!
/( _ )\ (x86_64 Ubuntu 9.10) Linux 2.6.39.3
^ ^ 00:32:02 up 6:01 0 users load average: 1.02 1.14 1.12
不借貸! 不詐騙! 不援交! 不打交! 不打劫! 不自殺! 請考慮綜援 (CSSA):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa
|
|
|
|
| Re: Restricting access to a website [message #174831 is a reply to message #174829] |
Tue, 12 July 2011 17:04 |
Graham Hobbs
Messages: 42
Registered: September 2010
Karma: 0
|
Member |
|
|
On Tue, 12 Jul 2011 10:33:48 -0600, Chuck Anderson
<cycletourist(at)invalid(dot)invalid> wrote:
> Michael Fesser wrote:
>> .oO(Graham Hobbs)
>>
>>
>>> On Mon, 11 Jul 2011 17:29:08 -0400, Jerry Stuckle
>>>
>>>> You definitely need alt.apache.configuration. No need to do anything to
>>>> your php code.
>>>>
>>> OK, thanks.
>>>
>>
>> Or search the Web for tutorials. The keyword to look for is "HTTP Basic
>> Authentication".
>>
>> Micha
>>
>
>
> This will still require user input (a password), and the the OP said ...
>
>
>> .... I envision hard coding their home
>> address's into my index.php?? Am not interested in any additional
>> typing by these three.
>
>
> So it would seem that the simplest solution that fits this bill is:
>
> if ($_SERVER['REMOTE_ADDR'] != $ipaddr1 AND
> $_SERVER['REMOTE_ADDR'] != $ipaddr2)
> {
> echo 'Sorry, not yet available';
> exit;
> }
Bullseye! Thankyou,
... possible that there are those who will say you did my homework, I
generally do do the work, was waiting until the topic 'died', clues
gathered ..
... and until I'm ready to hook these two partners up, I can simply
code in my own IP.
Graham
|
|
|
|
| Re: Restricting access to a website [message #174833 is a reply to message #174829] |
Tue, 12 July 2011 19:13 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 7/12/2011 12:33 PM, Chuck Anderson wrote:
> Michael Fesser wrote:
>> .oO(Graham Hobbs)
>>
>>> On Mon, 11 Jul 2011 17:29:08 -0400, Jerry Stuckle
>>>> You definitely need alt.apache.configuration. No need to do anything
>>>> to your php code.
>>> OK, thanks.
>>
>> Or search the Web for tutorials. The keyword to look for is "HTTP Basic
>> Authentication".
>>
>> Micha
>
>
> This will still require user input (a password), and the the OP said ...
>
>
Not necessarily.
>> .... I envision hard coding their home
>> address's into my index.php?? Am not interested in any additional
>> typing by these three.
>
>
> So it would seem that the simplest solution that fits this bill is:
>
> if ($_SERVER['REMOTE_ADDR'] != $ipaddr1 AND
> $_SERVER['REMOTE_ADDR'] != $ipaddr2)
> {
> echo 'Sorry, not yet available';
> exit;
> }
>
Nope.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: Restricting access to a website [message #174835 is a reply to message #174833] |
Tue, 12 July 2011 21:19 |
Chuck Anderson
Messages: 63
Registered: September 2010
Karma: 0
|
Member |
|
|
Jerry Stuckle wrote:
> On 7/12/2011 12:33 PM, Chuck Anderson wrote:
>> Michael Fesser wrote:
>>> .oO(Graham Hobbs)
>>>
>>>> On Mon, 11 Jul 2011 17:29:08 -0400, Jerry Stuckle
>>>> > You definitely need alt.apache.configuration. No need to do anything
>>>> > to your php code.
>>>> OK, thanks.
>>>
>>> Or search the Web for tutorials. The keyword to look for is "HTTP Basic
>>> Authentication".
>>>
>>> Micha
>>
>>
>> This will still require user input (a password), and the the OP said ...
>>
>>
>
> Not necessarily.
>
>>> .... I envision hard coding their home
>>> address's into my index.php?? Am not interested in any additional
>>> typing by these three.
>>
>>
>> So it would seem that the simplest solution that fits this bill is:
>>
>> if ($_SERVER['REMOTE_ADDR'] != $ipaddr1 AND
>> $_SERVER['REMOTE_ADDR'] != $ipaddr2)
>> {
>> echo 'Sorry, not yet available';
>> exit;
>> }
>>
>
> Nope.
>
If the OP already knows Php and would have to research Apache directives
and using htaccess to determine what to do, how to do it, and then test
it, this is by far the simplest solution to his immediate needs.
--
*****************************
Chuck Anderson • Boulder, CO
http://cycletourist.com
Turn Off, Tune Out, Drop In
*****************************
|
|
|
|
| Re: Restricting access to a website [message #174837 is a reply to message #174835] |
Tue, 12 July 2011 23:35 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 7/12/2011 5:19 PM, Chuck Anderson wrote:
> Jerry Stuckle wrote:
>> On 7/12/2011 12:33 PM, Chuck Anderson wrote:
>>> Michael Fesser wrote:
>>>> .oO(Graham Hobbs)
>>>>
>>>> > On Mon, 11 Jul 2011 17:29:08 -0400, Jerry Stuckle
>>>> >> You definitely need alt.apache.configuration. No need to do anything
>>>> >> to your php code.
>>>> > OK, thanks.
>>>>
>>>> Or search the Web for tutorials. The keyword to look for is "HTTP Basic
>>>> Authentication".
>>>>
>>>> Micha
>>>
>>>
>>> This will still require user input (a password), and the the OP said ...
>>>
>>>
>>
>> Not necessarily.
>>
>>>> .... I envision hard coding their home
>>>> address's into my index.php?? Am not interested in any additional
>>>> typing by these three.
>>>
>>>
>>> So it would seem that the simplest solution that fits this bill is:
>>>
>>> if ($_SERVER['REMOTE_ADDR'] != $ipaddr1 AND
>>> $_SERVER['REMOTE_ADDR'] != $ipaddr2)
>>> {
>>> echo 'Sorry, not yet available';
>>> exit;
>>> }
>>>
>>
>> Nope.
>>
>
> If the OP already knows Php and would have to research Apache directives
> and using htaccess to determine what to do, how to do it, and then test
> it, this is by far the simplest solution to his immediate needs.
>
It's a couple of lines in his .htaccess, which would have readily been
given him had he asked in the right newsgroup.
And he doesn't know PHP very well, either - if he did, he wouldn't have
had to ask such an elementary question here.
There are many advantages to doing it in the Apache configuration, and
none for doing it in PHP code.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: Restricting access to a website [message #174853 is a reply to message #174815] |
Wed, 13 July 2011 18:44 |
Graham Hobbs
Messages: 42
Registered: September 2010
Karma: 0
|
Member |
|
|
Folks,
Am replying to all who contributed. I learned much, in particular,
stuff that would not have been gleaned had I referred to just the
manuals. I now have a feeling of what I can/can't do, pathways I
should follow after my associates have done with their access, in
general, a fair idea of what's going on.
Thanks to all,
Graham
A Bill B posted a while ago about some facility to collect all the
posts into one document in one shot instead of the cutting and pasting
I did for this topic - doesn't exist, right?
'Salient bits' would be even nicer!
---
On Mon, 11 Jul 2011 16:08:53 -0400, Graham Hobbs <ghobbs(at)cdpwise(dot)net>
wrote:
> On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle
> <jstucklex(at)attglobal(dot)net> wrote:
>
>> On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>>> Hello,
>>>
>>> I 'very laboriously' coded my index.php (close to novice level), for
>>> my website and it is up and running. It's not public yet and needs to
>>> stay that way. I need to give the address to two people who will help
>>> with my product's development .. but they could reveal the address
>>> anywhere, inadvertently or otherwise.
>>>
>>> If, for example, my website is www .lahdedah. com, I want to allow
>>> full access to these two people (and me:-)) .. others would get a
>>> 'Sorry, not yet available' screen. I envision hard coding their home
>>> address's into my index.php?? Am not interested in any additional
>>> typing by these three.
>>>
>>> Hope I've been clear. Is this feasible, easy/hard/unusual?
>>> Please, thanks
>>> Graham
>>
>> There are any number of ways to do it, none of which require PHP or any
>> other server-side language. Try alt.apache.configuration (assuming, of
>> course, you're using Apache).
>>
>> Also, unless you are David Small of Small Expressions, you shouldn't be
>> using his domain name in an example. Use www.example.com, which is
>> reserved for just such a purpose.
> ---
> Jerry, folks, thanks,
>
> Will check into alt.apache.configuration and apologies about lahdedah,
> didn't know about example.com.
>
> But I wasn't emphatic enough .. yes I would know their IP addresses so
> CAN I hard code them in my index.php? Yes or no would do and a PHP
> buzzword I might search on to get started .. I just prefer all my code
> in one place.
>
> .. am definitely not interested in extra keying of passwords by my two
> associates.
>
> Thanks,
> Graham
|
|
|
|
| Re: Restricting access to a website [message #174854 is a reply to message #174822] |
Wed, 13 July 2011 19:13 |
Luuk
Messages: 329
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 12-07-2011 02:38, Jerry Stuckle wrote:
> On 7/11/2011 7:24 PM, Chuck Anderson wrote:
>> Jerry Stuckle wrote:
>>> On 7/11/2011 4:08 PM, Graham Hobbs wrote:
>>>> On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle
>>>> <jstucklex(at)attglobal(dot)net> wrote:
>>>>
>>>> > On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>>>> >> Hello,
>>>> >>
>>>> >> I 'very laboriously' coded my index.php (close to novice level), for
>>>> >> my website and it is up and running. It's not public yet and needs to
>>>> >> stay that way. I need to give the address to two people who will help
>>>> >> with my product's development .. but they could reveal the address
>>>> >> anywhere, inadvertently or otherwise.
>>>> >>
>>>> >> If, for example, my website is www .lahdedah. com, I want to allow
>>>> >> full access to these two people (and me:-)) .. others would get a
>>>> >> 'Sorry, not yet available' screen. I envision hard coding their home
>>>> >> address's into my index.php?? Am not interested in any additional
>>>> >> typing by these three.
>>>> >>
>>>> >> Hope I've been clear. Is this feasible, easy/hard/unusual?
>>>> >> Please, thanks
>>>> >> Graham
>>>> >
>>>> > There are any number of ways to do it, none of which require PHP or
>>>> > any
>>>> > other server-side language. Try alt.apache.configuration (assuming, of
>>>> > course, you're using Apache).
>>>> >
>>>> > Also, unless you are David Small of Small Expressions, you
>>>> > shouldn't be
>>>> > using his domain name in an example. Use www.example.com, which is
>>>> > reserved for just such a purpose.
>>>> ---
>>>> Jerry, folks, thanks,
>>>>
>>>> Will check into alt.apache.configuration and apologies about lahdedah,
>>>> didn't know about example.com.
>>>>
>>>> But I wasn't emphatic enough .. yes I would know their IP addresses so
>>>> CAN I hard code them in my index.php? Yes or no would do and a PHP
>>>> buzzword I might search on to get started .. I just prefer all my code
>>>> in one place.
>>>>
>>>> .. am definitely not interested in extra keying of passwords by my two
>>>> associates.
>>>>
>>>> Thanks,
>>>> Graham
>>>
>>> You definitely need alt.apache.configuration. No need to do anything
>>> to your php code.
>>>
>>
>> If you know the IP addrs - simply compare them to the Php global
>> $SERVER['REMOTE_ADDR'].
>>
>>
>
> No need to even go to that trouble. It can all be done in the Apache
> configuration with no changes to the web pages at all.
>
Jerry,
Can you explain the REAL benefits of doing this in apache,
despite the fact that this is a PHP-newsgroup?,
And the real drawbacks from changing a bit to his own php-code just for
this case?
I simply dont understand why sending him away to
alt.apache.configuration is better ....
--
Luuk
|
|
|
|
| Re: Restricting access to a website [message #174856 is a reply to message #174854] |
Wed, 13 July 2011 19:43 |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
Luuk wrote:
> On 12-07-2011 02:38, Jerry Stuckle wrote:
>> On 7/11/2011 7:24 PM, Chuck Anderson wrote:
>>> Jerry Stuckle wrote:
>>>> On 7/11/2011 4:08 PM, Graham Hobbs wrote:
>>>> > On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle
>>>> > <jstucklex(at)attglobal(dot)net> wrote:
>>>> >
>>>> >> On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>>>> >>> Hello,
>>>> >>>
>>>> >>> I 'very laboriously' coded my index.php (close to novice level), for
>>>> >>> my website and it is up and running. It's not public yet and needs to
>>>> >>> stay that way. I need to give the address to two people who will help
>>>> >>> with my product's development .. but they could reveal the address
>>>> >>> anywhere, inadvertently or otherwise.
>>>> >>>
>>>> >>> If, for example, my website is www .lahdedah. com, I want to allow
>>>> >>> full access to these two people (and me:-)) .. others would get a
>>>> >>> 'Sorry, not yet available' screen. I envision hard coding their home
>>>> >>> address's into my index.php?? Am not interested in any additional
>>>> >>> typing by these three.
>>>> >>>
>>>> >>> Hope I've been clear. Is this feasible, easy/hard/unusual?
>>>> >>> Please, thanks
>>>> >>> Graham
>>>> >> There are any number of ways to do it, none of which require PHP or
>>>> >> any
>>>> >> other server-side language. Try alt.apache.configuration (assuming, of
>>>> >> course, you're using Apache).
>>>> >>
>>>> >> Also, unless you are David Small of Small Expressions, you
>>>> >> shouldn't be
>>>> >> using his domain name in an example. Use www.example.com, which is
>>>> >> reserved for just such a purpose.
>>>> > ---
>>>> > Jerry, folks, thanks,
>>>> >
>>>> > Will check into alt.apache.configuration and apologies about lahdedah,
>>>> > didn't know about example.com.
>>>> >
>>>> > But I wasn't emphatic enough .. yes I would know their IP addresses so
>>>> > CAN I hard code them in my index.php? Yes or no would do and a PHP
>>>> > buzzword I might search on to get started .. I just prefer all my code
>>>> > in one place.
>>>> >
>>>> > .. am definitely not interested in extra keying of passwords by my two
>>>> > associates.
>>>> >
>>>> > Thanks,
>>>> > Graham
>>>> You definitely need alt.apache.configuration. No need to do anything
>>>> to your php code.
>>>>
>>> If you know the IP addrs - simply compare them to the Php global
>>> $SERVER['REMOTE_ADDR'].
>>>
>>>
>> No need to even go to that trouble. It can all be done in the Apache
>> configuration with no changes to the web pages at all.
>>
>
> Jerry,
> Can you explain the REAL benefits of doing this in apache,
> despite the fact that this is a PHP-newsgroup?,
>
Never heard of jerry explaining anything.
> And the real drawbacks from changing a bit to his own php-code just for
> this case?
>
> I simply dont understand why sending him away to
> alt.apache.configuration is better ....
>
No, its just Jerry being dumb and stubborn as usual.
On the basis that te OP wants to play in the PHP sandpit and not the
Apache sandpit the optimal and more than adequate solution is to use the
pre-loaded variables to examine the browser remote IP address and
display page material contingent on that.
Its a far more powerful and flexible way, and is the sort of thing you
might use to say 'Vous etes en France, Pour la version en Anglais, ici->'
(You could aslo reconfigure your firewall to only allow physical IP
access from them:Sledgehammers and nuts)
As opposed to 'enter name and password to see my crap test website'
You have to do the latter of your victims are on dynamic addresses though.
>
>
|
|
|
|
| Re: Restricting access to a website [message #174857 is a reply to message #174854] |
Wed, 13 July 2011 19:49 |
Michael Fesser
Messages: 215
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
.oO(Luuk)
> On 12-07-2011 02:38, Jerry Stuckle wrote:
>>
>> No need to even go to that trouble. It can all be done in the Apache
>> configuration with no changes to the web pages at all.
>
> Jerry,
> Can you explain the REAL benefits of doing this in apache,
> despite the fact that this is a PHP-newsgroup?,
In this case, given the fact that limiting access can be based on static
IPs, it would be easier to implement and more efficient to do it on the
Apache level.
> And the real drawbacks from changing a bit to his own php-code just for
> this case?
IMHO it mostly depends on the way his scripts are written. In case of a
front controller, i.e. a single entry point to the website, there's not
much of a difference to the Apache way, let aside performance. But if
the website consists of individual scripts, then it might be necessary
to add the same authentication code to a whole bunch of pages.
Then there also might be things like image directories. If you want to
protect them, you either add some lines to an .htaccess file or have to
deliver all the images by a script, which makes things more complicated.
Micha
|
|
|
|
| Re: Restricting access to a website [message #174858 is a reply to message #174856] |
Wed, 13 July 2011 19:53 |
Luuk
Messages: 329
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 13-07-2011 21:43, The Natural Philosopher wrote:
> Luuk wrote:
>> On 12-07-2011 02:38, Jerry Stuckle wrote:
>>> On 7/11/2011 7:24 PM, Chuck Anderson wrote:
>>>> Jerry Stuckle wrote:
>>>> > On 7/11/2011 4:08 PM, Graham Hobbs wrote:
>>>> >> On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle
>>>> >> <jstucklex(at)attglobal(dot)net> wrote:
>>>> >>
>>>> >>> On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>>>> >>>> Hello,
>>>> >>>>
>>>> >>>> I 'very laboriously' coded my index.php (close to novice level),
>>>> >>>> for
>>>> >>>> my website and it is up and running. It's not public yet and
>>>> >>>> needs to
>>>> >>>> stay that way. I need to give the address to two people who will
>>>> >>>> help
>>>> >>>> with my product's development .. but they could reveal the address
>>>> >>>> anywhere, inadvertently or otherwise.
>>>> >>>>
>>>> >>>> If, for example, my website is www .lahdedah. com, I want to allow
>>>> >>>> full access to these two people (and me:-)) .. others would get a
>>>> >>>> 'Sorry, not yet available' screen. I envision hard coding their
>>>> >>>> home
>>>> >>>> address's into my index.php?? Am not interested in any additional
>>>> >>>> typing by these three.
>>>> >>>>
>>>> >>>> Hope I've been clear. Is this feasible, easy/hard/unusual?
>>>> >>>> Please, thanks
>>>> >>>> Graham
>>>> >>> There are any number of ways to do it, none of which require PHP or
>>>> >>> any
>>>> >>> other server-side language. Try alt.apache.configuration
>>>> >>> (assuming, of
>>>> >>> course, you're using Apache).
>>>> >>>
>>>> >>> Also, unless you are David Small of Small Expressions, you
>>>> >>> shouldn't be
>>>> >>> using his domain name in an example. Use www.example.com, which is
>>>> >>> reserved for just such a purpose.
>>>> >> ---
>>>> >> Jerry, folks, thanks,
>>>> >>
>>>> >> Will check into alt.apache.configuration and apologies about
>>>> >> lahdedah,
>>>> >> didn't know about example.com.
>>>> >>
>>>> >> But I wasn't emphatic enough .. yes I would know their IP
>>>> >> addresses so
>>>> >> CAN I hard code them in my index.php? Yes or no would do and a PHP
>>>> >> buzzword I might search on to get started .. I just prefer all my
>>>> >> code
>>>> >> in one place.
>>>> >>
>>>> >> .. am definitely not interested in extra keying of passwords by my
>>>> >> two
>>>> >> associates.
>>>> >>
>>>> >> Thanks,
>>>> >> Graham
>>>> > You definitely need alt.apache.configuration. No need to do anything
>>>> > to your php code.
>>>> >
>>>> If you know the IP addrs - simply compare them to the Php global
>>>> $SERVER['REMOTE_ADDR'].
>>>>
>>>>
>>> No need to even go to that trouble. It can all be done in the Apache
>>> configuration with no changes to the web pages at all.
>>>
>>
>> Jerry,
>> Can you explain the REAL benefits of doing this in apache,
>> despite the fact that this is a PHP-newsgroup?,
>>
>
> Never heard of jerry explaining anything.
>
>> And the real drawbacks from changing a bit to his own php-code just for
>> this case?
>>
>> I simply dont understand why sending him away to
>> alt.apache.configuration is better ....
>>
>
> No, its just Jerry being dumb and stubborn as usual.
>
> On the basis that te OP wants to play in the PHP sandpit and not the
> Apache sandpit the optimal and more than adequate solution is to use the
> pre-loaded variables to examine the browser remote IP address and
> display page material contingent on that.
>
> Its a far more powerful and flexible way, and is the sort of thing you
> might use to say 'Vous etes en France, Pour la version en Anglais, ici->'
>
> (You could aslo reconfigure your firewall to only allow physical IP
> access from them:Sledgehammers and nuts)
>
>
> As opposed to 'enter name and password to see my crap test website'
>
> You have to do the latter of your victims are on dynamic addresses though.
>
>>
>>
I understand that,
and indeed, in this case PHP should do well,
When i was a employee of a firewall-selling-company, i would probably
reconfigure my (hardware-)firewall ;)
And, last (but not least), when i did not know enough about PHP, i would
add some rules to my apache-config.....
--
Luuk
|
|
|
|
| Re: Restricting access to a website [message #174859 is a reply to message #174856] |
Wed, 13 July 2011 19:56 |
Michael Fesser
Messages: 215
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
.oO(The Natural Philosopher)
> No, its just Jerry being dumb and stubborn as usual.
>
> On the basis that te OP wants to play in the PHP sandpit and not the
> Apache sandpit the optimal and more than adequate solution is to use the
> pre-loaded variables to examine the browser remote IP address and
> display page material contingent on that.
Your view is as short-sighted as usual.
> Its a far more powerful and flexible way
Indeed, but it's also less efficient. The OP has to decide what's more
important in his situation. If it's just about a simple IP restriction
without a complex user management, then doing it on the Apache level is
most likely the better way.
> , and is the sort of thing you
> might use to say 'Vous etes en France, Pour la version en Anglais, ici->'
I know French, I just can't speak it … ;-)
> (You could aslo reconfigure your firewall to only allow physical IP
> access from them:Sledgehammers and nuts)
How's that different from altering the Apache configuration?
Micha
|
|
|
|
| Re: Restricting access to a website [message #174860 is a reply to message #174857] |
Wed, 13 July 2011 20:12 |
Luuk
Messages: 329
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 13-07-2011 21:49, Michael Fesser wrote:
> .oO(Luuk)
>
>> On 12-07-2011 02:38, Jerry Stuckle wrote:
>>>
>>> No need to even go to that trouble. It can all be done in the Apache
>>> configuration with no changes to the web pages at all.
>>
>> Jerry,
>> Can you explain the REAL benefits of doing this in apache,
>> despite the fact that this is a PHP-newsgroup?,
>
> In this case, given the fact that limiting access can be based on static
> IPs, it would be easier to implement and more efficient to do it on the
> Apache level.
>
>> And the real drawbacks from changing a bit to his own php-code just for
>> this case?
>
> IMHO it mostly depends on the way his scripts are written. In case of a
> front controller, i.e. a single entry point to the website, there's not
> much of a difference to the Apache way, let aside performance. But if
> the website consists of individual scripts, then it might be necessary
> to add the same authentication code to a whole bunch of pages.
>
> Then there also might be things like image directories. If you want to
> protect them, you either add some lines to an .htaccess file or have to
> deliver all the images by a script, which makes things more complicated.
>
> Micha
I know, but i wanted Jerry 'i am not a consultant-guy' to explain that
to us...
He only sends people to other newsgroups, because he does not know a
better answer. He is (almost) never giving the answer to the question
WHY the other newsgroup is a better place to ask....
--
Luuk
|
|
|
|
| Re: Restricting access to a website [message #174862 is a reply to message #174860] |
Wed, 13 July 2011 22:13 |
Michael Fesser
Messages: 215
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
.oO(Luuk)
> I know, but i wanted Jerry 'i am not a consultant-guy' to explain that
> to us...
Sorry. ;-)
> He only sends people to other newsgroups, because he does not know a
> better answer. He is (almost) never giving the answer to the question
> WHY the other newsgroup is a better place to ask....
You really should discuss this in sci.psychology.misc …
SCNR
Micha
|
|
|
|
| Re: Restricting access to a website [message #174863 is a reply to message #174858] |
Wed, 13 July 2011 23:17 |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
Luuk wrote:
> On 13-07-2011 21:43, The Natural Philosopher wrote:
>> Luuk wrote:
>>> On 12-07-2011 02:38, Jerry Stuckle wrote:
>>>> On 7/11/2011 7:24 PM, Chuck Anderson wrote:
>>>> > Jerry Stuckle wrote:
>>>> >> On 7/11/2011 4:08 PM, Graham Hobbs wrote:
>>>> >>> On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle
>>>> >>> <jstucklex(at)attglobal(dot)net> wrote:
>>>> >>>
>>>> >>>> On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>>>> >>>>> Hello,
>>>> >>>>>
>>>> >>>>> I 'very laboriously' coded my index.php (close to novice level),
>>>> >>>>> for
>>>> >>>>> my website and it is up and running. It's not public yet and
>>>> >>>>> needs to
>>>> >>>>> stay that way. I need to give the address to two people who will
>>>> >>>>> help
>>>> >>>>> with my product's development .. but they could reveal the address
>>>> >>>>> anywhere, inadvertently or otherwise.
>>>> >>>>>
>>>> >>>>> If, for example, my website is www .lahdedah. com, I want to allow
>>>> >>>>> full access to these two people (and me:-)) .. others would get a
>>>> >>>>> 'Sorry, not yet available' screen. I envision hard coding their
>>>> >>>>> home
>>>> >>>>> address's into my index.php?? Am not interested in any additional
>>>> >>>>> typing by these three.
>>>> >>>>>
>>>> >>>>> Hope I've been clear. Is this feasible, easy/hard/unusual?
>>>> >>>>> Please, thanks
>>>> >>>>> Graham
>>>> >>>> There are any number of ways to do it, none of which require PHP or
>>>> >>>> any
>>>> >>>> other server-side language. Try alt.apache.configuration
>>>> >>>> (assuming, of
>>>> >>>> course, you're using Apache).
>>>> >>>>
>>>> >>>> Also, unless you are David Small of Small Expressions, you
>>>> >>>> shouldn't be
>>>> >>>> using his domain name in an example. Use www.example.com, which is
>>>> >>>> reserved for just such a purpose.
>>>> >>> ---
>>>> >>> Jerry, folks, thanks,
>>>> >>>
>>>> >>> Will check into alt.apache.configuration and apologies about
>>>> >>> lahdedah,
>>>> >>> didn't know about example.com.
>>>> >>>
>>>> >>> But I wasn't emphatic enough .. yes I would know their IP
>>>> >>> addresses so
>>>> >>> CAN I hard code them in my index.php? Yes or no would do and a PHP
>>>> >>> buzzword I might search on to get started .. I just prefer all my
>>>> >>> code
>>>> >>> in one place.
>>>> >>>
>>>> >>> .. am definitely not interested in extra keying of passwords by my
>>>> >>> two
>>>> >>> associates.
>>>> >>>
>>>> >>> Thanks,
>>>> >>> Graham
>>>> >> You definitely need alt.apache.configuration. No need to do anything
>>>> >> to your php code.
>>>> >>
>>>> > If you know the IP addrs - simply compare them to the Php global
>>>> > $SERVER['REMOTE_ADDR'].
>>>> >
>>>> >
>>>> No need to even go to that trouble. It can all be done in the Apache
>>>> configuration with no changes to the web pages at all.
>>>>
>>> Jerry,
>>> Can you explain the REAL benefits of doing this in apache,
>>> despite the fact that this is a PHP-newsgroup?,
>>>
>> Never heard of jerry explaining anything.
>>
>>> And the real drawbacks from changing a bit to his own php-code just for
>>> this case?
>>>
>>> I simply dont understand why sending him away to
>>> alt.apache.configuration is better ....
>>>
>> No, its just Jerry being dumb and stubborn as usual.
>>
>> On the basis that te OP wants to play in the PHP sandpit and not the
>> Apache sandpit the optimal and more than adequate solution is to use the
>> pre-loaded variables to examine the browser remote IP address and
>> display page material contingent on that.
>>
>> Its a far more powerful and flexible way, and is the sort of thing you
>> might use to say 'Vous etes en France, Pour la version en Anglais, ici->'
>>
>> (You could aslo reconfigure your firewall to only allow physical IP
>> access from them:Sledgehammers and nuts)
>>
>>
>> As opposed to 'enter name and password to see my crap test website'
>>
>> You have to do the latter of your victims are on dynamic addresses though.
>>
>>>
>
> I understand that,
> and indeed, in this case PHP should do well,
>
> When i was a employee of a firewall-selling-company, i would probably
> reconfigure my (hardware-)firewall ;)
>
> And, last (but not least), when i did not know enough about PHP, i would
> add some rules to my apache-config.....
>
Ive done all the options in various places.
One thing that has become standard is to include on a site of related
pages a standard file that - usually - does things like user
authentication and drawing menu buttons and suchlike
If that is common to all pages, it solves the problem of having to patch
many to ensure authentication across a whole site.
|
|
|
|
| Re: Restricting access to a website [message #174864 is a reply to message #174859] |
Wed, 13 July 2011 23:53 |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
Michael Fesser wrote:
> .oO(The Natural Philosopher)
>
>> No, its just Jerry being dumb and stubborn as usual.
>>
>> On the basis that te OP wants to play in the PHP sandpit and not the
>> Apache sandpit the optimal and more than adequate solution is to use the
>> pre-loaded variables to examine the browser remote IP address and
>> display page material contingent on that.
>
> Your view is as short-sighted as usual.
>
>> Its a far more powerful and flexible way
>
> Indeed, but it's also less efficient. The OP has to decide what's more
> important in his situation. If it's just about a simple IP restriction
> without a complex user management, then doing it on the Apache level is
> most likely the better way.
>
>> , and is the sort of thing you
>> might use to say 'Vous etes en France, Pour la version en Anglais, ici->'
>
> I know French, I just can't speak it … ;-)
>
>> (You could aslo reconfigure your firewall to only allow physical IP
>> access from them:Sledgehammers and nuts)
>
> How's that different from altering the Apache configuration?
>
What?
Don't you actually KNOW?
> Micha
|
|
|
|
| Re: Restricting access to a website [message #174865 is a reply to message #174862] |
Wed, 13 July 2011 23:54 |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
Michael Fesser wrote:
> .oO(Luuk)
>
>> I know, but i wanted Jerry 'i am not a consultant-guy' to explain that
>> to us...
>
> Sorry. ;-)
>
>> He only sends people to other newsgroups, because he does not know a
>> better answer. He is (almost) never giving the answer to the question
>> WHY the other newsgroup is a better place to ask....
>
> You really should discuss this in sci.psychology.misc …
>
I guess the Psychology of a Right Man could keep a thread going for weeks..
But I cant hack that group title. Psychology ain't a science.
> SCNR
> Micha
|
|
|
|
| Re: Restricting access to a website [message #174867 is a reply to message #174853] |
Thu, 14 July 2011 01:05 |
Graham Hobbs
Messages: 42
Registered: September 2010
Karma: 0
|
Member |
|
|
... geez, I thought this was done:-)
Learned more too!+ .. is like being at a table of gurus bandering pros
and cons of circumstances (nasties aside) .. good stuff.
Thanks again
graham
---
On Wed, 13 Jul 2011 14:44:37 -0400, Graham Hobbs <ghobbs(at)cdpwise(dot)net>
wrote:
> Folks,
> Am replying to all who contributed. I learned much, in particular,
> stuff that would not have been gleaned had I referred to just the
> manuals. I now have a feeling of what I can/can't do, pathways I
> should follow after my associates have done with their access, in
> general, a fair idea of what's going on.
> Thanks to all,
> Graham
> A Bill B posted a while ago about some facility to collect all the
> posts into one document in one shot instead of the cutting and pasting
> I did for this topic - doesn't exist, right?
> 'Salient bits' would be even nicer!
> ---
> On Mon, 11 Jul 2011 16:08:53 -0400, Graham Hobbs <ghobbs(at)cdpwise(dot)net>
> wrote:
>
>> On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle
>> <jstucklex(at)attglobal(dot)net> wrote:
>>
>>> On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>>>> Hello,
>>>>
>>>> I 'very laboriously' coded my index.php (close to novice level), for
>>>> my website and it is up and running. It's not public yet and needs to
>>>> stay that way. I need to give the address to two people who will help
>>>> with my product's development .. but they could reveal the address
>>>> anywhere, inadvertently or otherwise.
>>>>
>>>> If, for example, my website is www .lahdedah. com, I want to allow
>>>> full access to these two people (and me:-)) .. others would get a
>>>> 'Sorry, not yet available' screen. I envision hard coding their home
>>>> address's into my index.php?? Am not interested in any additional
>>>> typing by these three.
>>>>
>>>> Hope I've been clear. Is this feasible, easy/hard/unusual?
>>>> Please, thanks
>>>> Graham
>>>
>>> There are any number of ways to do it, none of which require PHP or any
>>> other server-side language. Try alt.apache.configuration (assuming, of
>>> course, you're using Apache).
>>>
>>> Also, unless you are David Small of Small Expressions, you shouldn't be
>>> using his domain name in an example. Use www.example.com, which is
>>> reserved for just such a purpose.
>> ---
>> Jerry, folks, thanks,
>>
>> Will check into alt.apache.configuration and apologies about lahdedah,
>> didn't know about example.com.
>>
>> But I wasn't emphatic enough .. yes I would know their IP addresses so
>> CAN I hard code them in my index.php? Yes or no would do and a PHP
>> buzzword I might search on to get started .. I just prefer all my code
>> in one place.
>>
>> .. am definitely not interested in extra keying of passwords by my two
>> associates.
>>
>> Thanks,
>> Graham
|
|
|
|
| Re: Restricting access to a website [message #174870 is a reply to message #174854] |
Thu, 14 July 2011 04:09 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 7/13/2011 3:13 PM, Luuk wrote:
> On 12-07-2011 02:38, Jerry Stuckle wrote:
>> On 7/11/2011 7:24 PM, Chuck Anderson wrote:
>>> Jerry Stuckle wrote:
>>>> On 7/11/2011 4:08 PM, Graham Hobbs wrote:
>>>> > On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle
>>>> > <jstucklex(at)attglobal(dot)net> wrote:
>>>> >
>>>> >> On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>>>> >>> Hello,
>>>> >>>
>>>> >>> I 'very laboriously' coded my index.php (close to novice level), for
>>>> >>> my website and it is up and running. It's not public yet and needs to
>>>> >>> stay that way. I need to give the address to two people who will help
>>>> >>> with my product's development .. but they could reveal the address
>>>> >>> anywhere, inadvertently or otherwise.
>>>> >>>
>>>> >>> If, for example, my website is www .lahdedah. com, I want to allow
>>>> >>> full access to these two people (and me:-)) .. others would get a
>>>> >>> 'Sorry, not yet available' screen. I envision hard coding their home
>>>> >>> address's into my index.php?? Am not interested in any additional
>>>> >>> typing by these three.
>>>> >>>
>>>> >>> Hope I've been clear. Is this feasible, easy/hard/unusual?
>>>> >>> Please, thanks
>>>> >>> Graham
>>>> >>
>>>> >> There are any number of ways to do it, none of which require PHP or
>>>> >> any
>>>> >> other server-side language. Try alt.apache.configuration (assuming, of
>>>> >> course, you're using Apache).
>>>> >>
>>>> >> Also, unless you are David Small of Small Expressions, you
>>>> >> shouldn't be
>>>> >> using his domain name in an example. Use www.example.com, which is
>>>> >> reserved for just such a purpose.
>>>> > ---
>>>> > Jerry, folks, thanks,
>>>> >
>>>> > Will check into alt.apache.configuration and apologies about lahdedah,
>>>> > didn't know about example.com.
>>>> >
>>>> > But I wasn't emphatic enough .. yes I would know their IP addresses so
>>>> > CAN I hard code them in my index.php? Yes or no would do and a PHP
>>>> > buzzword I might search on to get started .. I just prefer all my code
>>>> > in one place.
>>>> >
>>>> > .. am definitely not interested in extra keying of passwords by my two
>>>> > associates.
>>>> >
>>>> > Thanks,
>>>> > Graham
>>>>
>>>> You definitely need alt.apache.configuration. No need to do anything
>>>> to your php code.
>>>>
>>>
>>> If you know the IP addrs - simply compare them to the Php global
>>> $SERVER['REMOTE_ADDR'].
>>>
>>>
>>
>> No need to even go to that trouble. It can all be done in the Apache
>> configuration with no changes to the web pages at all.
>>
>
> Jerry,
> Can you explain the REAL benefits of doing this in apache,
> despite the fact that this is a PHP-newsgroup?,
>
> And the real drawbacks from changing a bit to his own php-code just for
> this case?
>
> I simply dont understand why sending him away to
> alt.apache.configuration is better ....
>
>
>
Because it can easily be done in the Apache configuration, requiring no
changes to the page itself, and will work for all pages on his site (or
in a specific directory).
Changing the page code requires similar changes to every page he wants
to restrict access to, and those changes need to be later deleted from
the code (ensuring he gets *all* pages, and doesn't make a mistake in
deleting the code). Simply deleting the .htaccess is all that's needed
when he wants to open it up to everyone. Additionally, it works for all
web pages - not just ones coded in PHP (i.e. simple HTML pages).
Just because this is a PHP newsgroup doesn't mean the *best* answer is
PHP code. Many times a better solution can be found elsewhere.
And BTW - it's also slightly more efficient, because the PHP interpreter
doesn't have to load the page and parse the code before determining the
page should not be displayed. Apache takes care of that long before PHP
is ever involved.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: Restricting access to a website [message #174871 is a reply to message #174858] |
Thu, 14 July 2011 04:12 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 7/13/2011 3:53 PM, Luuk wrote:
> On 13-07-2011 21:43, The Natural Philosopher wrote:
>> Luuk wrote:
>>> On 12-07-2011 02:38, Jerry Stuckle wrote:
>>>> On 7/11/2011 7:24 PM, Chuck Anderson wrote:
>>>> > Jerry Stuckle wrote:
>>>> >> On 7/11/2011 4:08 PM, Graham Hobbs wrote:
>>>> >>> On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle
>>>> >>> <jstucklex(at)attglobal(dot)net> wrote:
>>>> >>>
>>>> >>>> On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>>>> >>>>> Hello,
>>>> >>>>>
>>>> >>>>> I 'very laboriously' coded my index.php (close to novice level),
>>>> >>>>> for
>>>> >>>>> my website and it is up and running. It's not public yet and
>>>> >>>>> needs to
>>>> >>>>> stay that way. I need to give the address to two people who will
>>>> >>>>> help
>>>> >>>>> with my product's development .. but they could reveal the address
>>>> >>>>> anywhere, inadvertently or otherwise.
>>>> >>>>>
>>>> >>>>> If, for example, my website is www .lahdedah. com, I want to allow
>>>> >>>>> full access to these two people (and me:-)) .. others would get a
>>>> >>>>> 'Sorry, not yet available' screen. I envision hard coding their
>>>> >>>>> home
>>>> >>>>> address's into my index.php?? Am not interested in any additional
>>>> >>>>> typing by these three.
>>>> >>>>>
>>>> >>>>> Hope I've been clear. Is this feasible, easy/hard/unusual?
>>>> >>>>> Please, thanks
>>>> >>>>> Graham
>>>> >>>> There are any number of ways to do it, none of which require PHP or
>>>> >>>> any
>>>> >>>> other server-side language. Try alt.apache.configuration
>>>> >>>> (assuming, of
>>>> >>>> course, you're using Apache).
>>>> >>>>
>>>> >>>> Also, unless you are David Small of Small Expressions, you
>>>> >>>> shouldn't be
>>>> >>>> using his domain name in an example. Use www.example.com, which is
>>>> >>>> reserved for just such a purpose.
>>>> >>> ---
>>>> >>> Jerry, folks, thanks,
>>>> >>>
>>>> >>> Will check into alt.apache.configuration and apologies about
>>>> >>> lahdedah,
>>>> >>> didn't know about example.com.
>>>> >>>
>>>> >>> But I wasn't emphatic enough .. yes I would know their IP
>>>> >>> addresses so
>>>> >>> CAN I hard code them in my index.php? Yes or no would do and a PHP
>>>> >>> buzzword I might search on to get started .. I just prefer all my
>>>> >>> code
>>>> >>> in one place.
>>>> >>>
>>>> >>> .. am definitely not interested in extra keying of passwords by my
>>>> >>> two
>>>> >>> associates.
>>>> >>>
>>>> >>> Thanks,
>>>> >>> Graham
>>>> >> You definitely need alt.apache.configuration. No need to do anything
>>>> >> to your php code.
>>>> >>
>>>> > If you know the IP addrs - simply compare them to the Php global
>>>> > $SERVER['REMOTE_ADDR'].
>>>> >
>>>> >
>>>> No need to even go to that trouble. It can all be done in the Apache
>>>> configuration with no changes to the web pages at all.
>>>>
>>>
>>> Jerry,
>>> Can you explain the REAL benefits of doing this in apache,
>>> despite the fact that this is a PHP-newsgroup?,
>>>
>>
>> Never heard of jerry explaining anything.
>>
>>> And the real drawbacks from changing a bit to his own php-code just for
>>> this case?
>>>
>>> I simply dont understand why sending him away to
>>> alt.apache.configuration is better ....
>>>
>>
>> No, its just Jerry being dumb and stubborn as usual.
>>
>> On the basis that te OP wants to play in the PHP sandpit and not the
>> Apache sandpit the optimal and more than adequate solution is to use the
>> pre-loaded variables to examine the browser remote IP address and
>> display page material contingent on that.
>>
>> Its a far more powerful and flexible way, and is the sort of thing you
>> might use to say 'Vous etes en France, Pour la version en Anglais, ici->'
>>
>> (You could aslo reconfigure your firewall to only allow physical IP
>> access from them:Sledgehammers and nuts)
>>
>>
>> As opposed to 'enter name and password to see my crap test website'
>>
>> You have to do the latter of your victims are on dynamic addresses though.
>>
>>>
>>>
>
> I understand that,
> and indeed, in this case PHP should do well,
>
> When i was a employee of a firewall-selling-company, i would probably
> reconfigure my (hardware-)firewall ;)
>
> And, last (but not least), when i did not know enough about PHP, i would
> add some rules to my apache-config.....
>
BTW - I might also suggest reconfiguring the firewall, but that won't
work on a shared server for a number of reasons - like he doesn't have
access to the firewall configuration and the firewall is web host blind
- it doesn't know that the request should be restricted only for one of
the sites on the server, and not all of them.
It's great, however, if you want to restrict *all* access to the server,
but that's not the case in a shared environment.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: Restricting access to a website [message #174872 is a reply to message #174860] |
Thu, 14 July 2011 04:14 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 7/13/2011 4:12 PM, Luuk wrote:
> On 13-07-2011 21:49, Michael Fesser wrote:
>> .oO(Luuk)
>>
>>> On 12-07-2011 02:38, Jerry Stuckle wrote:
>>>>
>>>> No need to even go to that trouble. It can all be done in the Apache
>>>> configuration with no changes to the web pages at all.
>>>
>>> Jerry,
>>> Can you explain the REAL benefits of doing this in apache,
>>> despite the fact that this is a PHP-newsgroup?,
>>
>> In this case, given the fact that limiting access can be based on static
>> IPs, it would be easier to implement and more efficient to do it on the
>> Apache level.
>>
>>> And the real drawbacks from changing a bit to his own php-code just for
>>> this case?
>>
>> IMHO it mostly depends on the way his scripts are written. In case of a
>> front controller, i.e. a single entry point to the website, there's not
>> much of a difference to the Apache way, let aside performance. But if
>> the website consists of individual scripts, then it might be necessary
>> to add the same authentication code to a whole bunch of pages.
>>
>> Then there also might be things like image directories. If you want to
>> protect them, you either add some lines to an .htaccess file or have to
>> deliver all the images by a script, which makes things more complicated.
>>
>> Micha
>
> I know, but i wanted Jerry 'i am not a consultant-guy' to explain that
> to us...
>
> He only sends people to other newsgroups, because he does not know a
> better answer. He is (almost) never giving the answer to the question
> WHY the other newsgroup is a better place to ask....
>
Wrong. I am a consultant, and have been for over 20 years. And I send
people to other newsgroups when it is appropriate - as in this case.
I do also answer a lot of PHP questions in this newsgroup - as a Google
search will easily show.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: Restricting access to a website [message #174873 is a reply to message #174800] |
Thu, 14 July 2011 12:55 |
me
Messages: 192
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 7/10/2011 10:01 PM, Graham Hobbs wrote:
> Hello,
>
> I 'very laboriously' coded my index.php (close to novice level), for
> my website and it is up and running. It's not public yet and needs to
> stay that way. I need to give the address to two people who will help
> with my product's development .. but they could reveal the address
> anywhere, inadvertently or otherwise.
>
> If, for example, my website is www .lahdedah. com, I want to allow
> full access to these two people (and me:-)) .. others would get a
> 'Sorry, not yet available' screen. I envision hard coding their home
> address's into my index.php?? Am not interested in any additional
> typing by these three.
Use a login routine but do not make registrations possible. Manually
place the user info for the three people that can have access.If someone
using any other username tries to log in they will be blocked.
Bill B
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]