| Re: Restricting access to a website [message #174871 is a reply to message #174858] |
Thu, 14 July 2011 04:12   |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 7/13/2011 3:53 PM, Luuk wrote:
> On 13-07-2011 21:43, The Natural Philosopher wrote:
>> Luuk wrote:
>>> On 12-07-2011 02:38, Jerry Stuckle wrote:
>>>> On 7/11/2011 7:24 PM, Chuck Anderson wrote:
>>>> > Jerry Stuckle wrote:
>>>> >> On 7/11/2011 4:08 PM, Graham Hobbs wrote:
>>>> >>> On Sun, 10 Jul 2011 22:21:41 -0400, Jerry Stuckle
>>>> >>> <jstucklex(at)attglobal(dot)net> wrote:
>>>> >>>
>>>> >>>> On 7/10/2011 10:01 PM, Graham Hobbs wrote:
>>>> >>>>> Hello,
>>>> >>>>>
>>>> >>>>> I 'very laboriously' coded my index.php (close to novice level),
>>>> >>>>> for
>>>> >>>>> my website and it is up and running. It's not public yet and
>>>> >>>>> needs to
>>>> >>>>> stay that way. I need to give the address to two people who will
>>>> >>>>> help
>>>> >>>>> with my product's development .. but they could reveal the address
>>>> >>>>> anywhere, inadvertently or otherwise.
>>>> >>>>>
>>>> >>>>> If, for example, my website is www .lahdedah. com, I want to allow
>>>> >>>>> full access to these two people (and me:-)) .. others would get a
>>>> >>>>> 'Sorry, not yet available' screen. I envision hard coding their
>>>> >>>>> home
>>>> >>>>> address's into my index.php?? Am not interested in any additional
>>>> >>>>> typing by these three.
>>>> >>>>>
>>>> >>>>> Hope I've been clear. Is this feasible, easy/hard/unusual?
>>>> >>>>> Please, thanks
>>>> >>>>> Graham
>>>> >>>> There are any number of ways to do it, none of which require PHP or
>>>> >>>> any
>>>> >>>> other server-side language. Try alt.apache.configuration
>>>> >>>> (assuming, of
>>>> >>>> course, you're using Apache).
>>>> >>>>
>>>> >>>> Also, unless you are David Small of Small Expressions, you
>>>> >>>> shouldn't be
>>>> >>>> using his domain name in an example. Use www.example.com, which is
>>>> >>>> reserved for just such a purpose.
>>>> >>> ---
>>>> >>> Jerry, folks, thanks,
>>>> >>>
>>>> >>> Will check into alt.apache.configuration and apologies about
>>>> >>> lahdedah,
>>>> >>> didn't know about example.com.
>>>> >>>
>>>> >>> But I wasn't emphatic enough .. yes I would know their IP
>>>> >>> addresses so
>>>> >>> CAN I hard code them in my index.php? Yes or no would do and a PHP
>>>> >>> buzzword I might search on to get started .. I just prefer all my
>>>> >>> code
>>>> >>> in one place.
>>>> >>>
>>>> >>> .. am definitely not interested in extra keying of passwords by my
>>>> >>> two
>>>> >>> associates.
>>>> >>>
>>>> >>> Thanks,
>>>> >>> Graham
>>>> >> You definitely need alt.apache.configuration. No need to do anything
>>>> >> to your php code.
>>>> >>
>>>> > If you know the IP addrs - simply compare them to the Php global
>>>> > $SERVER['REMOTE_ADDR'].
>>>> >
>>>> >
>>>> No need to even go to that trouble. It can all be done in the Apache
>>>> configuration with no changes to the web pages at all.
>>>>
>>>
>>> Jerry,
>>> Can you explain the REAL benefits of doing this in apache,
>>> despite the fact that this is a PHP-newsgroup?,
>>>
>>
>> Never heard of jerry explaining anything.
>>
>>> And the real drawbacks from changing a bit to his own php-code just for
>>> this case?
>>>
>>> I simply dont understand why sending him away to
>>> alt.apache.configuration is better ....
>>>
>>
>> No, its just Jerry being dumb and stubborn as usual.
>>
>> On the basis that te OP wants to play in the PHP sandpit and not the
>> Apache sandpit the optimal and more than adequate solution is to use the
>> pre-loaded variables to examine the browser remote IP address and
>> display page material contingent on that.
>>
>> Its a far more powerful and flexible way, and is the sort of thing you
>> might use to say 'Vous etes en France, Pour la version en Anglais, ici->'
>>
>> (You could aslo reconfigure your firewall to only allow physical IP
>> access from them:Sledgehammers and nuts)
>>
>>
>> As opposed to 'enter name and password to see my crap test website'
>>
>> You have to do the latter of your victims are on dynamic addresses though.
>>
>>>
>>>
>
> I understand that,
> and indeed, in this case PHP should do well,
>
> When i was a employee of a firewall-selling-company, i would probably
> reconfigure my (hardware-)firewall ;)
>
> And, last (but not least), when i did not know enough about PHP, i would
> add some rules to my apache-config.....
>
BTW - I might also suggest reconfiguring the firewall, but that won't
work on a shared server for a number of reasons - like he doesn't have
access to the firewall configuration and the firewall is web host blind
- it doesn't know that the request should be restricted only for one of
the sites on the server, and not all of them.
It's great, however, if you want to restrict *all* access to the server,
but that's not the case in a shared environment.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]