.htaccess and password protecting directories NOT files

typogra · August 4th, 2007, 1:45 AM

Hello. I have looked around but haven't been able to find help for this particular quesiton on this forum nor the internet in general. I assume maybe it can be done messing with httpd.conf, but I don't even know how to access that.

I would like to put a password on a folder, so that when I enter the password, I am able to view the contents of the folder (there is no index.html). But, I dont want the password to interfere with the files in the folder.

e.g. if i go to

http://www.site.com/folder

i will be prompted to enter a user/password in order to view all the files in this folder. HOWEVER, if i simply type in:

http://www.site.com/folder/image.jpg

in my browser, I can view this file, no problem, without having to enter a password.

A friend suggested to put a password on the folder, but then put an exclusion for .jpg, .gif files in the httpd.conf file, but that is beyond me. Any help would be appreciated!

**davotoula** · August 6th, 2007, 8:21 AM

Another way would be to solve it with PHP.

1. When user enters folder (index.php), it says password protected folder, please enter password.

2. If password is correct, a list of files is shown and the files can be accessed without restriction.

The overall security is a bit questionable because if the URL of a file is leaked (beware of google), there is no access control to it!

August 4th, 2007, 1:45 AM	#1 (permalink)
typogra Registered User Fresh Surpasser Joined in Apr 2006 1 posts Gave thanks: 0 Thanked 0 times	.htaccess and password protecting directories NOT files Hello. I have looked around but haven't been able to find help for this particular quesiton on this forum nor the internet in general. I assume maybe it can be done messing with httpd.conf, but I don't even know how to access that. I would like to put a password on a folder, so that when I enter the password, I am able to view the contents of the folder (there is no index.html). But, I dont want the password to interfere with the files in the folder. e.g. if i go to http://www.site.com/folder i will be prompted to enter a user/password in order to view all the files in this folder. HOWEVER, if i simply type in: http://www.site.com/folder/image.jpg in my browser, I can view this file, no problem, without having to enter a password. A friend suggested to put a password on the folder, but then put an exclusion for .jpg, .gif files in the httpd.conf file, but that is beyond me. Any help would be appreciated!

August 6th, 2007, 8:21 AM	#2 (permalink)
davotoula Surpass Fan Comfy Contributor Joined in Oct 2004 148 posts Gave thanks: 2 Thanked 2 times	Another way would be to solve it with PHP. 1. When user enters folder (index.php), it says password protected folder, please enter password. 2. If password is correct, a list of files is shown and the files can be accessed without restriction. The overall security is a bit questionable because if the URL of a file is leaked (beware of google), there is no access control to it! __________________ David Kaspar \| SH60

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)