Uncrackable Directory Access
It's possible to give yourself, and/or someone else, exclusive access to files in a directory and sleep well. No stress. Because access to the directory is uncrackable through HTTP or HTTPS — with browsers or robots.
If other software on your server is lacking security or is compromised, or if your server is hacked, then yes, access to the directory may be gained. But it's done by first gaining access to something else, not by cracking the directory gatekeeper.
Recently, software for a custom project needed exclusive HTTP and HTTPS access to a PHP script.
No public was allowed access. No bots, no browsers, no person or thing was allowed access to that PHP script except the software on that server.
Servers, of course, have IP addresses.
Therefore the PHP script was put in a special directory with a gatekeeper. The gatekeeper passes only HTTP and HTTPS requests with the IP address of that server.
It works a treat.
It can work just as well for passing people — only browsers with a certain IP address get access. You can give someone (or yourself) exclusive HTTP/
The gatekeeper is in the .htaccess file.
You specify an IP address. Only that IP address gets past the gatekeeper.
Even if the IP address is spoofed, it won't work.
While the spoofed IP address would get past the .htaccess file, nothing would be returned to the browser or robot making the request. The reason is that they aren't connected to the internet at the IP address they spoofed. Browsers and robots can receive information only at their real IP address.
Got a file meant for only one person? Too sensitive to send by email?
Give them exclusive access to a special directory with these steps:
-
Have them go to https://www.willmaster.com/blog/tips/ip-address.php with their browser and copy their IP address from that page.
-
You set up the gatekeeper to allow only that IP address and upload the sensitive file into that directory.
-
Send them the URL to the file.
They can access the file with their browser. But nobody else can.
The IP address doesn't even have to be a secret.
Whether known only by you and the other person or by half the people in the world, access to that directory can only be accomplished by doing so from the allowed IP address.
Note: If an IP address changes, then the person can no longer access the directory. To see if your IP address changes, to go to use https://www.willmaster.com/blog/tips/ip-address.php now, record your IP address, then use the page again the next several times you connect or over the next few days. Compare the IP addresses to see if there are changes.
How to Set up a Gatekeeper
To set up a gatekeeper, you'll need these three things:
- A directory for the gatekeeper.
- A file .htaccess in the directory.
- The IP address that will have access.
The .htaccess file will contain these four lines (replace IP address 73.36.207.22 with the IP address that will have access):
SetEnvIf REMOTE_ADDR 73.36.207.22 allow_this=1
Order Deny,Allow
Deny from all
Allow from env=allow_this
When the .htaccess file contains the above four lines, except with the IP address colored blue replaced with the correct IP address, then only the IP address you specify has access to the directory.
To allow more than one IP address access to the directory, repeat the first line for every additional IP address. This example allows three IP addresses to have access to the directory.
SetEnvIf REMOTE_ADDR 73.36.207.22 allow_this=1 SetEnvIf REMOTE_ADDR 36.207.22.73 allow_this=1 SetEnvIf REMOTE_ADDR 207.22.73.36 allow_this=1 Order Deny,Allow Deny from all Allow from env=allow_this
This technique means you need to know the IP address of everybody who is to have access to the directory. No usernames, passwords, cookies, or anything else is checked, only the browser's IP address.
Once you have the IP address, you can set up exclusive, uncrackable access to the directory.
(This article first appeared in Possibilities ezine.)
Will Bontrager