Software, your way.
burger menu icon
WillMaster

WillMaster > LibrarySecurity and Blocking

FREE! Coding tips, tricks, and treasures.

Possibilities weekly ezine

Get the weekly email website developers read:

 

Your email address

name@example.com
YES! Send Possibilities every week!

Uncrackable Directory Access

It's possible to give yourself, and/or someone else, exclusive access to files in a directory and sleep well. No stress. Because access to the directory is uncrackable through HTTP or HTTPS — with browsers or robots.

If other software on your server is lacking security or is compromised, or if your server is hacked, then yes, access to the directory may be gained. But it's done by first gaining access to something else, not by cracking the directory gatekeeper.

Recently, software for a custom project needed exclusive HTTP and HTTPS access to a PHP script.

No public was allowed access. No bots, no browsers, no person or thing was allowed access to that PHP script except the software on that server.

Servers, of course, have IP addresses.

Therefore the PHP script was put in a special directory with a gatekeeper. The gatekeeper passes only HTTP and HTTPS requests with the IP address of that server.

It works a treat.

It can work just as well for passing people — only browsers with a certain IP address get access. You can give someone (or yourself) exclusive HTTP/HTTPS access to a directory.

The gatekeeper is in the .htaccess file.

You specify an IP address. Only that IP address gets past the gatekeeper.

Even if the IP address is spoofed, it won't work.

While the spoofed IP address would get past the .htaccess file, nothing would be returned to the browser or robot making the request. The reason is that they aren't connected to the internet at the IP address they spoofed. Browsers and robots can receive information only at their real IP address.

Got a file meant for only one person? Too sensitive to send by email?

Give them exclusive access to a special directory with these steps:

  1. Have them go to https://www.willmaster.com/blog/tips/ip-address.php with their browser and copy their IP address from that page.

  2. You set up the gatekeeper to allow only that IP address and upload the sensitive file into that directory.

  3. Send them the URL to the file.

They can access the file with their browser. But nobody else can.

The IP address doesn't even have to be a secret.

Whether known only by you and the other person or by half the people in the world, access to that directory can only be accomplished by doing so from the allowed IP address.

Note: If an IP address changes, then the person can no longer access the directory. To see if your IP address changes, to go to use https://www.willmaster.com/blog/tips/ip-address.php now, record your IP address, then use the page again the next several times you connect or over the next few days. Compare the IP addresses to see if there are changes.

How to Set up a Gatekeeper

To set up a gatekeeper, you'll need these three things:

  1. A directory for the gatekeeper.
  2. A file .htaccess in the directory.
  3. The IP address that will have access.

The .htaccess file will contain these four lines (replace IP address 73.36.207.22 with the IP address that will have access):

SetEnvIf REMOTE_ADDR 73.36.207.22 allow_this=1
Order Deny,Allow
Deny from all
Allow from env=allow_this

When the .htaccess file contains the above four lines, except with the IP address colored blue replaced with the correct IP address, then only the IP address you specify has access to the directory.

To allow more than one IP address access to the directory, repeat the first line for every additional IP address. This example allows three IP addresses to have access to the directory.

SetEnvIf REMOTE_ADDR 73.36.207.22 allow_this=1
SetEnvIf REMOTE_ADDR 36.207.22.73 allow_this=1
SetEnvIf REMOTE_ADDR 207.22.73.36 allow_this=1
Order Deny,Allow
Deny from all
Allow from env=allow_this

This technique means you need to know the IP address of everybody who is to have access to the directory. No usernames, passwords, cookies, or anything else is checked, only the browser's IP address.

Once you have the IP address, you can set up exclusive, uncrackable access to the directory.

(This article first appeared in Possibilities ezine.)

Will Bontrager

Was this article helpful to you?
(anonymous form)

Support This Website

Some of our support is from people like you who see the value of all that's offered for FREE at this website.

"Yes, let me contribute."

Amount (USD):

Tap to Choose
Contribution
Method

All information in WillMaster Library articles is presented AS-IS.

We only suggest and recommend what we believe is of value. As remuneration for the time and research involved to provide quality links, we generally use affiliate links when we can. Whenever we link to something not our own, you should assume they are affiliate links or that we benefit in some way.

How Can We Help You? balloons
How Can We Help You?
bullet Custom Programming
bullet Ready-Made Software
bullet Technical Support
bullet Possibilities Newsletter
bullet Website "How-To" Info
bullet Useful Information List

© 1998-2001 William and Mari Bontrager
© 2001-2011 Bontrager Connection, LLC
© 2011-2024 Will Bontrager Software LLC