keith-f -
Joined: 27 May 2003 Posts: 18 Location: North East England
Posted: Sun Aug 01, 2004 1:36 am Post subject: Pattern Format Problem
I know this is probably a dopey question, and one that has heaps of previous answers, but I just cannot fathom out how to protect a members-only area. I'm hosting a kids' swimming club, and there's that many damned pervs out there everything has to be as tight as a crab's @rse, or the authorities will close me down.
Anyway, how do I create the virtual path to read several extensions? I can block the *.html and *.jpg etc with separate path names but is there a pattern format which allows/denies ALL?
I may not be making this too clear, I need to allow/deny everything within the members directory, not just specific *.html *.jpg etc.
The slightest clue would be most appreciated.
Best Wishes to All
A Well balanced diet is a beer in both hands! _________________ Keith
It is sometimes wiser to keep one's mouth shut and look foolish, Than to open it and remove all doubt!

iNaNimAtE -
Joined: 05 Nov 2003 Posts: 2381 Location: Everywhere you're not.
Posted: Sun Aug 01, 2004 3:08 am
That's called "Access Control." In the console, you type the virtual directory you want to allow/deny.
_________________
Bienvenidos!

keith-f -
Joined: 27 May 2003 Posts: 18 Location: North East England
Posted: Sun Aug 01, 2004 4:05 pm
Yes, I have that bit, I did say I probably wasn't explaining things too clearly.
The problem I have is that in the access control panel I define, say, /members/*.html, then that works fine. The server denies access to all but authorised. But, if someone calls /members/mypicture.jpg, access is granted without being tested.
I would have thought under the logic of using a wildcard then *.* would deny all but authorised, but there are exceptions.
So far I've looked at using syntactical strings to block *.html, *.jpg etc but it doesn't like it - unless I have the syntax wrong!
A Well balanced diet is a beer in both hands!

TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
Posted: Sun Aug 01, 2004 4:20 pm
The syntax for password protecting mypicture.jpg & all other jpegs, you should use the following example below, this will only protect the jpegs in the members area, I hope this is what you want done, did this help?
/members/*.jpg

Stone-D -
Joined: 09 Jan 2004 Posts: 90
Posted: Sun Aug 01, 2004 5:32 pm
This is something I've been meaning to look up myself.
If I wanted to protect everything in a directory AND everything in each subdirectory recursively, would:
/db/*
suffice? Or would I need something like:
/db/*/*/*/*/*/* etc?
_________________
--
Look, no SIG!

TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
Posted: Sun Aug 01, 2004 5:38 pm
You would just need /db, now wasn't that simple!

keith-f -
Joined: 27 May 2003 Posts: 18 Location: North East England
Posted: Sun Aug 01, 2004 6:20 pm
Where does the db bit come into it? Or is that just an example?
So what you're saying is to protect EVERYTHING in my members directory I would use the following:-
/members
Y/N
Sounds good to me!
A Well balanced diet is a beer in both hands!

TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
Posted: Sun Aug 01, 2004 6:35 pm
The answer is Yes! Anything in /members is protected!

keith-f -
Joined: 27 May 2003 Posts: 18 Location: North East England
Posted: Sun Aug 01, 2004 6:59 pm
Thanks TP...
Works a treat.
Next question. Can you change the timeout from a successful login? For example, once the user has logged in successfully, if you leave the protected area, but come back an hour or so later, you are still logged in.
This could prove a problem with Kids using a School machine.

TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
Posted: Sun Aug 01, 2004 7:03 pm
Once you close your browser or empty your internet files, you will have to log in to the members area again, this will keep you from being logged in.

Anonymoose -
Joined: 09 Sep 2003 Posts: 2192
Posted: Sun Aug 01, 2004 8:40 pm
Only closing the browser will clear an HTTP auth login - temporary internet files have nothing to do with it. If you want a session timeout you will have to look into using a cookie-based login system, then you can have the cookies expire after x minutes instead.
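A sketch of the cookie-based idle timeout suggested in the reply above, added here as an illustration and not part of the original posts or of Abyss itself. The cookie layout, the names `issue_cookie`, `check_cookie`, `refresh_cookie`, `set_cookie_header` and the 15 minute limit are assumptions; the point is that the server checks the age itself instead of trusting the browser to drop the cookie.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

SECRET_KEY = secrets.token_bytes(32)  # per-server signing key (generated here for the example)
IDLE_TIMEOUT = 15 * 60                # assumed limit: 15 minutes without a request

def _sign(payload: str) -> bytes:
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest().encode()

def issue_cookie(username: str, now: Optional[float] = None) -> str:
    """Cookie value to set after a successful login: user|last_seen|signature."""
    stamp = int(time.time() if now is None else now)
    payload = f"{username}|{stamp}"
    return f"{payload}|{_sign(payload).decode()}"

def check_cookie(cookie: str, now: Optional[float] = None) -> Optional[str]:
    """Return the username, or None if the cookie is forged, malformed or idle too long."""
    now = time.time() if now is None else now
    try:
        username, stamp, sig = cookie.rsplit("|", 2)
        last_seen = int(stamp)
    except ValueError:
        return None
    if not hmac.compare_digest(sig.encode(), _sign(f"{username}|{stamp}")):
        return None  # contents were altered, or signed with another key
    if last_seen > now or now - last_seen > IDLE_TIMEOUT:
        return None  # stale: the shared school machine case, force a new login
    return username

def refresh_cookie(cookie: str, now: Optional[float] = None) -> Optional[str]:
    """Sliding expiry: re-issue the cookie on every authenticated request."""
    user = check_cookie(cookie, now)
    return issue_cookie(user, now) if user else None

def set_cookie_header(value: str) -> str:
    # Max-Age asks the browser to discard it too; the server-side check above is what enforces it.
    return f"Set-Cookie: session={value}; Max-Age={IDLE_TIMEOUT}; Path=/members; HttpOnly; Secure"
```

The `Secure` attribute assumes the members area is served over HTTPS.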

keith-f -
Joined: 27 May 2003 Posts: 18 Location: North East England
Posted: Mon Aug 02, 2004 12:33 am
Thank you Guys for your help. It really was appreciated. I can now confidently build this site up without fear of dirty perverts who get an 'Off' from seeing kids in swimming costumes....
If I thought for one minute that chopping their b@lls off would stop them, I'd cheerfully do it myself with a rusty old hacksaw..... (Ouch!)
Finally, and just to pacify me, how secure is this... Can it be hacked?
Once again, thanks for your help.

Anonymoose -
Joined: 09 Sep 2003 Posts: 2192
Posted: Mon Aug 02, 2004 1:48 am
The only weakness you have to worry about is your own passwords - this isn't down to a fault in Abyss, just in how strong you choose to make your own passwords.
If you create a user called "user1" with a password of "password", it will take all of 20 seconds for a determined hacker to run a dictionary attack against your members area and gain access. However, a user of UsEr23b1@ and password of 29N!3(m would take infinitely longer - and hopefully by then you'd have noticed something was amiss in your log file. Whether you can get kids to remember strong passwords and obscure usernames is another matter...
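One way to do the "notice something amiss in your log file" part of the reply above, added as an example and not part of the original thread. It assumes the server writes Common Log Format access lines; the sample lines, the five minute window and the threshold of five failures are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed Common Log Format: ip ident user [time] "METHOD path proto" status bytes
LINE = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')
WINDOW, THRESHOLD = timedelta(minutes=5), 5  # assumed tuning values

def find_guessing(lines, prefix="/members"):
    """Map ip -> (failed_logins_in_window, user_that_then_succeeded_or_None)."""
    fails, alerts = defaultdict(list), {}
    for line in lines:
        m = LINE.match(line)
        if not m or not m.group(4).startswith(prefix):
            continue
        ip, user, stamp, _path, status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        recent = [t for t in fails[ip] if when - t <= WINDOW]
        if status == "401":
            recent.append(when)
            if len(recent) >= THRESHOLD:
                alerts[ip] = (len(recent), alerts.get(ip, (0, None))[1])
        elif status == "200" and ip in alerts and recent:
            alerts[ip] = (alerts[ip][0], user)  # a guess worked: change that password
        fails[ip] = recent
    return alerts

# Constructed sample: one normal member login, then one client guessing passwords.
SAMPLE = [
    '198.51.100.4 - - [01/Aug/2004:20:59:00 +0000] "GET /members/ HTTP/1.1" 401 401',
    '198.51.100.4 - keith [01/Aug/2004:20:59:05 +0000] "GET /members/ HTTP/1.1" 200 2310',
] + [
    f'203.0.113.9 - user1 [01/Aug/2004:21:00:{s:02d} +0000] "GET /members/ HTTP/1.1" 401 401'
    for s in range(0, 12, 2)
] + [
    '203.0.113.9 - user1 [01/Aug/2004:21:00:13 +0000] "GET /members/gala.jpg HTTP/1.1" 200 48211',
]

if __name__ == "__main__":
    for ip, (count, user) in find_guessing(SAMPLE).items():
        print(f"{ip}: {count} failed logins within 5 min, then success as {user!r}")
```

A browser's first request to a protected path always earns one 401 before the password prompt, which is why a single failure per visitor is ignored.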