| View previous topic :: View next topic |
| Author |
Message |
jans
-
Joined: 04 Jun 2004
Posts: 20
|
 Posted: Fri Jun 04, 2004 2:24 pm Post subject: does Abyss support .htaccess ? |
 |
|
I ned to know if abyss webserver supports the .htaccess and how I can configure abyss to use the .htaccess files.
Some kinda short tutorial is prefered because I am totally new to this matter.
If someone could help me please ? |
|
| Back to top |
  |
 |
woody03
-
Joined: 16 Apr 2004
Posts: 103
Location: U.K>West Midlands>Walsall,
|
| Posted: Fri Jun 04, 2004 2:43 pm Post subject: |
|
|
I think it can support .htaccess but im not sure how to set it up
_________________
 |
|
| Back to top |
|
|
jans
-
Joined: 04 Jun 2004
Posts: 20
|
| Posted: Fri Jun 04, 2004 2:51 pm Post subject: |
|
|
Really, really need to know though, anyone out there knows howto ?
Running abyss for about a year or 3 now and am very happy with it, lately added some Forum software and because of all this I need to better secure all maps and folders now.
Running all on an old winnt4 server, but running stable and have no plans on migrating to another webserver "yet" BUT if acessrestrictions are not possible I must, sigh. |
|
| Back to top |
|
|
Moxxnixx
-
Joined: 21 Jun 2003
Posts: 1226
Location: Florida
|
| Posted: Fri Jun 04, 2004 2:56 pm Post subject: |
|
|
Sorry, .htaccess files do not work with Abyss.
If you need to keep people from browsing folders, just put an index file in them. |
|
| Back to top |
 |
|
woody03
-
Joined: 16 Apr 2004
Posts: 103
Location: U.K>West Midlands>Walsall,
|
| Posted: Fri Jun 04, 2004 3:04 pm Post subject: |
|
|
sorry i was wrong :'(
_________________
|
|
| Back to top |
|
|
jans
-
Joined: 04 Jun 2004
Posts: 20
|
| Posted: Fri Jun 04, 2004 3:06 pm Post subject: |
|
|
done that already, but does not keep visitors from doing this;
http://yoursite/a map/anyfile.txt
This is a MAJOR security hole in ANY webserver, no matter how free it is, sorry, but this forces me to go shop around for an alternative. |
|
| Back to top |
|
|
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Fri Jun 04, 2004 4:31 pm Post subject: |
|
|
| Out of interest, which part of htaccess would you have used to stop them doing the same thing if you were using Apache? |
|
| Back to top |
|
|
jans
-
Joined: 04 Jun 2004
Posts: 20
|
| Posted: Fri Jun 04, 2004 5:12 pm Post subject: |
|
|
For example, anything that is NOT specifically in a cgi- map or other map that has special acces rights should be blocked or stopped from being shown or accessed by a www-visitor, but all programs ( .pl .cgi or other on the webserver installed ) that need writing access should be permitted to do so even if the map is not accessible by simply browsing to it.
I don't know if apache has such a feature because I feel if there is one server that is virtually impossible to set up for a leeman like me it must be apache, what a crap server this is ( not only for setup point of view but also for the lack of a decent GUI )
I know Xitami has a nice GUI, but I don't think, Xitami is capable uf CGI and ASP,....
So for this far Abyss was the only alternative I always believed. |
|
| Back to top |
|
|
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Fri Jun 04, 2004 5:20 pm Post subject: |
|
|
So you want Abyss to implement a feature from a webserver you consider crap and virtually impossible to set up? ;) The console format of Abyss provides a much easier way to control file access etc than using htaccess, so if you have problems with a lack of GUI, you can hardly want them implemented in their current format as gui-less text files.
Also, you mention you're not sure if Apache actually has this feature (or that's how I read it?) - I'm not entirely sure you fully understand the permissions available with Abyss, or exactly how the directive you think exists would be implemented in Apache.
Other than using an anti-leech script to prevent direct access of files you don't want to be accessed other than by a direct reference from a webpage, I can't see how you expect the server to be able to prevent this? |
|
| Back to top |
|
|
jans
-
Joined: 04 Jun 2004
Posts: 20
|
| Posted: Fri Jun 04, 2004 5:34 pm Post subject: |
|
|
I think I am not a goeroe enough to express myself but someone on another forum opted the .htaccess file support.
What I guess I do understand from your post there are scripts that prevent visitor from leeching my webserverfiles, so can this script prevent a visitor from browsing my webserver for file they know ( or at least think they know ) exist because I have programs running from which they know the files and mapstructures. ( for example forumsoftware users know certain maps exist on each server that uses that software ) |
|
| Back to top |
|
|
jans
-
Joined: 04 Jun 2004
Posts: 20
|
| Posted: Fri Jun 04, 2004 5:58 pm Post subject: |
|
|
| Anonymoose wrote: |
Other than using an anti-leech script to prevent direct access of files you don't want to be accessed other than by a direct reference from a webpage, I can't see how you expect the server to be able to prevent this? |
other than by a direct reference from .....Abyss.
I tell abyss once that visitors can; Read,Write,Alter or execute from specific maps. Now Abyss knows this and only permits or denies these actions to all visitors.
Then I tell Abyss which programs ( or Perl or CGI files ) may execute on my webserver ( does so already in the CGI settings ) and permits these programs to R, W or Alter files on my webserver ( need to to keep forum and guestbook running, capice ? )
So now Abyss runs safely on my win32 server and I can set file access ( from win32 point of view ) to non sharing and disallow users from accessing it from the outside ( I know no other way to say this sorry )
I wanted I could explain it beter, but I simply can't ( dutch and dumb I guess ;-) ) |
|
| Back to top |
|
|
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Fri Jun 04, 2004 8:44 pm Post subject: |
|
|
| The only problem is CGI programs run outside the scope of Abyss, for example PHP operates in console mode, not true CGI mode, so there is no way at all for Abyss to control how it could access your files. I have never seen this feature in use myself - if you know a file exists, and the file is normally included in a page, you will normally be able to access that file directly. To work round it, you'd have to use a lot of PHP (or your language of choice) scripting to include the files you wanted without allowing direct access. |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Sun Jun 06, 2004 1:58 pm Post subject: Re: does Abyss support .htaccess ? |
|
|
jans,
.htaccess files aren't supported on Abyss because it uses its own configuration system. Give us a .htaccess file, and we'll tell you how to have the same features it describes in Abyss.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
 |
|
jans
-
Joined: 04 Jun 2004
Posts: 20
|
| Posted: Mon Jun 07, 2004 6:57 pm Post subject: |
|
|
@aprelium,
I am told this is the .htaccess file that denies access to unwanted maps
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName DenyViaWeb
AuthType Basic
<Limit GET>
order allow,deny
deny from all
</Limit>
Wat I need is this;
In a nutshell it boils down to disallowing webaccess for those dirs but give Abyss full NT access to those dirs. |
|
| Back to top |
|
|
iNaNimAtE
-
Joined: 05 Nov 2003
Posts: 2381
Location: Everywhere you're not.
|
| Posted: Tue Jun 08, 2004 1:17 am Post subject: |
|
|
You can do this with the new beta version.
_________________
Bienvenidos! |
|
| Back to top |
    |
|
TRUSTAbyss
-
Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA
|
| Posted: Tue Jun 08, 2004 1:59 am Post subject: |
|
|
Yep , you can deny listing for certain Directories !
Example: /cgi-bin (Deny Listing)
All folders will display a listing accept
/cgi-bin , but if you add a path like
/images , all other directories in /images
will also be denied , Aprelium should fix that. |
|
| Back to top |
|
|
iNaNimAtE
-
Joined: 05 Nov 2003
Posts: 2381
Location: Everywhere you're not.
|
| Posted: Tue Jun 08, 2004 2:01 am Post subject: |
|
|
I was actually thinking of using IP Banning; you can ban certain IPs from certain directories, can't you (and not just the whole site)?
_________________
Bienvenidos! |
|
| Back to top |
|
|
TRUSTAbyss
-
Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA
|
| Posted: Tue Jun 08, 2004 2:13 am Post subject: |
|
|
Yeah , you can but its a bug in the current
beta , you just add an IP Rule for a certain
directory and bann that certain user.
14 to 20 days , new Beta ! |
|
| Back to top |
|
|
Foxified
-
Joined: 13 Apr 2004
Posts: 487
Location: Canada
|
| Posted: Tue Jun 08, 2004 4:26 am Post subject: |
|
|
| iNaNimAtE wrote: | | I was actually thinking of using IP Banning; you can ban certain IPs from certain directories, can't you (and not just the whole site)? |
who were you thinking of banning :unsure:
_________________
 |
|
| Back to top |
|
|
jans
-
Joined: 04 Jun 2004
Posts: 20
|
| Posted: Tue Jun 08, 2004 10:21 am Post subject: |
|
|
| TRUSTpunk wrote: | Yep , you can deny listing for certain Directories !
Example: /cgi-bin (Deny Listing)
All folders will display a listing accept
/cgi-bin , but if you add a path like
/images , all other directories in /images
will also be denied , Aprelium should fix that. |
Explain yourself please ?
how to deny listing on certain dirs. to unknown users that browse from the web ?
Thanks |
|
| Back to top |
|
|
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Tue Jun 08, 2004 10:52 am Post subject: |
|
|
| That doesn't actually do the same as the .htaccess directive though unless I'm reading it wrong. The .htaccess directive disallows access to *all files in the directory* and listing the directory. The Abyss version will only block listing the files but allow access if a user knows the exact path - which is where the original question starts... |
|
| Back to top |
|
|
jans
-
Joined: 04 Jun 2004
Posts: 20
|
| Posted: Tue Jun 08, 2004 11:19 am Post subject: |
|
|
| Anonymoose wrote: | | That doesn't actually do the same as the .htaccess directive though unless I'm reading it wrong. The .htaccess directive disallows access to *all files in the directory* and listing the directory. The Abyss version will only block listing the files but allow access if a user knows the exact path - which is where the original question starts... |
Right, thanks for this clear help, and so we are back to the beginning but now I at least have someone who understands the problem ;-) |
|
| Back to top |
|
|
iNaNimAtE
-
Joined: 05 Nov 2003
Posts: 2381
Location: Everywhere you're not.
|
| Posted: Wed Jun 09, 2004 12:00 am Post subject: |
|
|
| Anonymoose wrote: | | That doesn't actually do the same as the .htaccess directive though unless I'm reading it wrong. The .htaccess directive disallows access to *all files in the directory* and listing the directory. The Abyss version will only block listing the files but allow access if a user knows the exact path - which is where the original question starts... |
Which is why I suggested IP banning.
First, Foxified, I wasn't planning on banning anyone. That was a solution I had thought of.
If you ban users from a certain directory and change it to only allow from your IP, then all users will be banned from both the directory and and the files. Also, yes, the way you used .htaccess will ban everyone from both. There is the IndexIgnore command which is more what TRUSTpunk was thinking of.
However, as TRUSTpunk said, there is a bug in the current beta, so you'll have to wait for the new one.
_________________
Bienvenidos! |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Wed Jun 09, 2004 1:20 pm Post subject: |
|
|
Making a directory or some files unreachable for all users (or for some users) is possible in the new version.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
jans
-
Joined: 04 Jun 2004
Posts: 20
|
| Posted: Sat Jun 12, 2004 3:12 pm Post subject: |
|
|
| aprelium wrote: | | Making a directory or some files unreachable for all users (or for some users) is possible in the new version. |
Q;
1. When and where is this version going to be available ?
2. Does it support the function from the little .htacces file ( non listing, non showing of files in certain maps ? to all visitors from anywhere from the web ? |
|
| Back to top |
|
|
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Sat Jun 12, 2004 4:03 pm Post subject: |
|
|
The beta version is already available. Look at the additional section at the bottom of the forum.
You should be able to implement the htaccess options you required using the options in the new version, although currently the IP banning is not working correctly, so you'd have to wait for a newer version of the beta. |
|
| Back to top |
|
|
loose traffic
-
Joined: 21 Jun 2004
Posts: 9
|
| Posted: Fri Jul 16, 2004 9:57 pm Post subject: |
|
|
I'm unsure as to how this would be done.. I'd like to allow linking from my website only (beaconschool.org/~mseverin). I understand how it would be done with an .htaccess file using mod_rewrite function ...
| Code: | RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F] |
I'd appreciate any help :/ |
|
| Back to top |
|
|
aprelium-beta
-
Joined: 24 Jun 2004
Posts: 383
|
| Posted: Fri Jul 16, 2004 11:44 pm Post subject: |
|
|
loose traffic,
This feature is called antileeching and will be available in version 2. Meanwhile, You can download the Beta release of version 2 (see the 2.0 Beta section in this forum) and test it immediatly.
_________________
Beta Testing Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
loose traffic
-
Joined: 21 Jun 2004
Posts: 9
|
| Posted: Sat Jul 17, 2004 12:52 am Post subject: |
|
|
I put this at the very top of my INDEX.PHP
| Code: | <?php
$from = getenv("HTTP_REFERER");
print("$from");
?> |
It works in Opera but in IE abyss gives an "Error 200"
I'm working with iframes.. what might error 200 mean
I'll check 2.0 out immediatly |
|
| Back to top |
|
|
loose traffic
-
Joined: 21 Jun 2004
Posts: 9
|
| Posted: Sat Jul 17, 2004 1:08 am Post subject: |
|
|
| it seems as though there's no exception list to the antileech feature :( |
|
| Back to top |
|
|
aprelium-beta
-
Joined: 24 Jun 2004
Posts: 383
|
| Posted: Sat Jul 17, 2004 1:49 am Post subject: |
|
|
| loose traffic wrote: | I put this at the very top of my INDEX.PHP
| Code: | <?php
$from = getenv("HTTP_REFERER");
print("$from");
?> |
It works in Opera but in IE abyss gives an "Error 200"
I'm working with iframes.. what might error 200 mean
I'll check 2.0 out immediatly |
Error 200 means that the script was exeuted fine but that it sent no ouput was sent to the server from the script. This happens when $from is empty, i.e., when HTTP_REFERER is empty, i.e., when the browser doesn't send the referrer information.
To solve error 200 problem, change:
to
So now, even if $from is empty, the little space will be output.[/code]
_________________
Beta Testing Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
aprelium-beta
-
Joined: 24 Jun 2004
Posts: 383
|
| Posted: Sat Jul 17, 2004 1:51 am Post subject: |
|
|
| loose traffic wrote: | | it seems as though there's no exception list to the antileech feature :( |
There is no documentation yet for 2.0 Beta, but to do set antileeching for *.jpg files for example, add /*.jpg to the Antileech scope. That's it.
_________________
Beta Testing Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
loose traffic
-
Joined: 21 Jun 2004
Posts: 9
|
| Posted: Sat Jul 17, 2004 2:50 am Post subject: |
|
|
| thanks about the error messages and as for the antileeching.. i meant an exception list to allow certain sites to "leech" ... i'm using abyss to host certain folders on my computer and a members section on a seperate server links to it.. i was hoping to allow access only when members follow that specific link. it seems as though abyss restricts access from ALL outside websites |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Sat Jul 17, 2004 5:11 pm Post subject: |
|
|
| loose traffic wrote: | | thanks about the error messages and as for the antileeching.. i meant an exception list to allow certain sites to "leech" ... i'm using abyss to host certain folders on my computer and a members section on a seperate server links to it.. i was hoping to allow access only when members follow that specific link. it seems as though abyss restricts access from ALL outside websites |
OK, we understand now what you mean. A better antileeching configuration will be available soon. The version you tested is a "test" version, so not everything is perfect :-)
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
neamtzu
-
Joined: 26 Oct 2004
Posts: 3
|
| Posted: Thu Oct 28, 2004 4:33 pm Post subject: |
|
|
I have the following .htaccess file content:
Options -Indexes
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mywebsite.com/.*$ [NC]
RewriteRule \.(rar|zip|mp3|ace|avi)$ - [F]
This allows only reffers from mywebsite.com to acces my files in that folder. But i read that htaccess isnt supported by abyss, so can you please tell me how to use this anti-leeching feature with abyss ? |
|
| Back to top |
|
|
TRUSTAbyss
-
Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA
|
| Posted: Thu Oct 28, 2004 7:01 pm Post subject: |
|
|
Download the beta in the beta 2 forum and follow the documentation or look
at my simple example tutorial at http://abyssws.cjb.net , I hope this helps. |
|
| Back to top |
|
|
admin
Site Admin
Joined: 03 Mar 2002
Posts: 1332
|
| Posted: Fri Oct 29, 2004 5:17 am Post subject: |
|
|
| neamtzu wrote: | I have the following .htaccess file content:
Options -Indexes
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mywebsite.com/.*$ [NC]
RewriteRule \.(rar|zip|mp3|ace|avi)$ - [F]
This allows only reffers from mywebsite.com to acces my files in that folder. But i read that htaccess isnt supported by abyss, so can you please tell me how to use this anti-leeching feature with abyss ? |
Version 2 (that is currently under tests, see the 2.0 Beta section in this forum) has the same feature. It is called antileeching and it doesn't require all these cryptic lines to be configured. |
|
| Back to top |
|
|
Arctic
-
Joined: 24 Sep 2004
Posts: 560
|
| Posted: Sat Oct 30, 2004 4:33 am Post subject: |
|
|
A message
Last edited by Arctic on Sat Apr 20, 2019 5:17 pm; edited 1 time in total |
|
| Back to top |
|
|
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Sat Oct 30, 2004 3:29 pm Post subject: |
|
|
| It won't help at all, the question was about anti-leeching, ie blocking hotlinking of files from other sites, not password protecting their own site. |
|
| Back to top |
|
|
|
