| Re: Restricting access to a website [message #174863 is a reply to message #174858] |
Wed, 13 July 2011 23:17   |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma:
|
Senior Member |
|
|
Luuk wrote:
> On 13-07-2011 21:43, The Natural Philosopher wrote:
>> Luuk wrote:
>>> On 12-07-2011 02:38, Jerry Stuckle wrote:
>>>> On 7/11/2011 7:24 PM, Chuck Anderson wrote:
>>>> > Jerry Stuckle wrote:
>>>> >> On 7/11/2011 4:08 PM, Graham Hobbs wrote:
>>>> >>> On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle
>>>> >>> <jstucklex(at)attglobal(dot)net> wrote:
>>>> >>>
>>>> >>>> On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>>>> >>>>> Hello,
>>>> >>>>>
>>>> >>>>> I 'very laboriously' coded my index.php (close to novice level),
>>>> >>>>> for
>>>> >>>>> my website and it is up and running. It's not public yet and
>>>> >>>>> needs to
>>>> >>>>> stay that way. I need to give the address to two people who will
>>>> >>>>> help
>>>> >>>>> with my product's development .. but they could reveal the address
>>>> >>>>> anywhere, inadvertently or otherwise.
>>>> >>>>>
>>>> >>>>> If, for example, my website is www .lahdedah. com, I want to allow
>>>> >>>>> full access to these two people (and me:-)) .. others would get a
>>>> >>>>> 'Sorry, not yet available' screen. I envision hard coding their
>>>> >>>>> home
>>>> >>>>> address's into my index.php?? Am not interested in any additional
>>>> >>>>> typing by these three.
>>>> >>>>>
>>>> >>>>> Hope I've been clear. Is this feasible, easy/hard/unusual?
>>>> >>>>> Please, thanks
>>>> >>>>> Graham
>>>> >>>> There are any number of ways to do it, none of which require PHP or
>>>> >>>> any
>>>> >>>> other server-side language. Try alt.apache.configuration
>>>> >>>> (assuming, of
>>>> >>>> course, you're using Apache).
>>>> >>>>
>>>> >>>> Also, unless you are David Small of Small Expressions, you
>>>> >>>> shouldn't be
>>>> >>>> using his domain name in an example. Use www.example.com, which is
>>>> >>>> reserved for just such a purpose.
>>>> >>> ---
>>>> >>> Jerry, folks, thanks,
>>>> >>>
>>>> >>> Will check into alt.apache.configuration and apologies about
>>>> >>> lahdedah,
>>>> >>> didn't know about example.com.
>>>> >>>
>>>> >>> But I wasn't emphatic enough .. yes I would know their IP
>>>> >>> addresses so
>>>> >>> CAN I hard code them in my index.php? Yes or no would do and a PHP
>>>> >>> buzzword I might search on to get started .. I just prefer all my
>>>> >>> code
>>>> >>> in one place.
>>>> >>>
>>>> >>> .. am definitely not interested in extra keying of passwords by my
>>>> >>> two
>>>> >>> associates.
>>>> >>>
>>>> >>> Thanks,
>>>> >>> Graham
>>>> >> You definitely need alt.apache.configuration. No need to do anything
>>>> >> to your php code.
>>>> >>
>>>> > If you know the IP addrs - simply compare them to the Php global
>>>> > $SERVER['REMOTE_ADDR'].
>>>> >
>>>> >
>>>> No need to even go to that trouble. It can all be done in the Apache
>>>> configuration with no changes to the web pages at all.
>>>>
>>> Jerry,
>>> Can you explain the REAL benefits of doing this in apache,
>>> despite the fact that this is a PHP-newsgroup?,
>>>
>> Never heard of jerry explaining anything.
>>
>>> And the real drawbacks from changing a bit to his own php-code just for
>>> this case?
>>>
>>> I simply dont understand why sending him away to
>>> alt.apache.configuration is better ....
>>>
>> No, its just Jerry being dumb and stubborn as usual.
>>
>> On the basis that te OP wants to play in the PHP sandpit and not the
>> Apache sandpit the optimal and more than adequate solution is to use the
>> pre-loaded variables to examine the browser remote IP address and
>> display page material contingent on that.
>>
>> Its a far more powerful and flexible way, and is the sort of thing you
>> might use to say 'Vous etes en France, Pour la version en Anglais, ici->'
>>
>> (You could aslo reconfigure your firewall to only allow physical IP
>> access from them:Sledgehammers and nuts)
>>
>>
>> As opposed to 'enter name and password to see my crap test website'
>>
>> You have to do the latter of your victims are on dynamic addresses though.
>>
>>>
>
> I understand that,
> and indeed, in this case PHP should do well,
>
> When i was a employee of a firewall-selling-company, i would probably
> reconfigure my (hardware-)firewall ;)
>
> And, last (but not least), when i did not know enough about PHP, i would
> add some rules to my apache-config.....
>
Ive done all the options in various places.
One thing that has become standard is to include on a site of related
pages a standard file that - usually - does things like user
authentication and drawing menu buttons and suchlike
If that is common to all pages, it solves the problem of having to patch
many to ensure authentication across a whole site.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]