Webmasters Stack Exchange
Webmasters Stack Exchange

Questions tagged [access-control]

27 questions
7
votes
1 answer

Deny access to all PHP files using FilesMatch, but make an exception for one file

Currently, using htaccess I am denying access to any PHP file in a directory, but not the JS, PNG, CSS files in the same directory. Order deny,allow Deny from all What if I want to make an exception for one file…
posfan12
  • 766
  • 2
  • 7
  • 15
3
votes
0 answers

NGINX configuration for the same folder protection rewrites in each of thousands of subdirectories

The following code allows me to protect a specific folder with the membership software we're using. The problem is if we have 1,000 folders we need to protect, we need to copy/paste this same code for each and every folder. I'm wondering, how can I…
Jennifer W
  • 31
  • 1
3
votes
2 answers

How do I give a hired developer access to my bluehost cpanel?

I can't find any way to like "create a guest account" to access my account without just giving him my account credentials. How should this be done? I can't find any help articles on it.
temporary_user_name
  • 131
  • 1
  • 1
  • 5
3
votes
1 answer

How to restrict web site/intranet access to company network?

What is the best/most secure way to create a web site or intranet on an externally hosted server, but make it only accessible from within my company's network? I am trying to avoid running my own server internally.
Jason
  • 39
  • 1
  • 2
3
votes
1 answer

Does requiring login to access content hinder SEO?

I am wondering what the SEO effects of a 'Login Wall' is. More specifically, we have content that is region specific, so for instance a URL could look like www.example.com/content/Canada/Ontario. This would render all of the content pieces related…
connected_user
  • 163
  • 3
2
votes
0 answers

Allowing POST requests to bypass Basic Auth if on given pages

Current Implementation: SetEnvIfNoCase Host ^example\.com$ passreq AuthType Basic AuthName "Restricted Area" AuthUserFile /html/.htpasswd Order Deny,Allow Deny from all Satisfy any Require valid-user Allow from env=!passreq # Allow GET when…
Elwin
  • 21
  • 1
2
votes
2 answers

How to block access to all but homepage unless that access comes from the homepage?

Given a homepage at domain.com (e.g., https://example.com/), I want: outside requests to only be able to visit the homepage and no subpages that homepage to successfully redirect visitors to a subpage (for example,…
mix
  • 195
  • 1
  • 1
  • 6
2
votes
0 answers

Allowing access to protected area for multiple users from one organisation

I have a website which has a password protected area of content. This content can by accessed by a number of employees of a subscribing company. For example, The Acme Widget Co. has 100 employees, each signing in with an individual company email…
user1353459
  • 31
  • 1
1
vote
1 answer

Good Faith contract solidified by joint-dual access to server directory

Our freelance marketing team needs earn a portion of every online sale. They will receive notification via email upon each sale. The trust in the system needs be instilled by a secure and permission based method. Meaning I need them to have full…
Eric Barrett
  • 11
  • 1
1
vote
1 answer

Is there anything unusual or nefarious about private IP addresses in server logs?

A site I help take care of has just started getting crawled by somebody from 172.31.13.241 and 172.31.42.227 . According to WHOIS info, these are part of a block reserved by IANA for special purposes, specifically private networks. They're making…
Emanuil Tolev
  • 113
  • 4
1
vote
1 answer

Why does my IIS virtual directory serve folders but not files?

I have a network share (say, \\mysite\myshare) being served by an IIS 7.5 virtual directory at (say) http://www.example.com/myshare. From a web browser, I can click & navigate every folder and subfolder, but if I click any file, I get a 404 error…
DanB
  • 111
  • 3
1
vote
1 answer

Google Tag Manager (GTM) / Analytics - Restrict user or account access by subdirectory

I manage a large website (WordPress Multisite) which uses subdirectories (not subdomains) for different user's microsites. The entire website has Google Tag Manager installed and a GA4 Analytics tag associated, and we are receiving analytics…
Tom Auger
  • 155
  • 3
1
vote
0 answers

Use Cloudflare WAF to block all URLs except home page and one subdirectory

I want to block all paths except /English/ and the home page www.example.com in Cloudflare WAF. If I allow the English category, I would expect access to be allowed to all URLs from this category. The URLs for other categories should be blocked.
Helo Plus
  • 11
  • 2
1
vote
2 answers

How to protect data on a website from indexing and inclusion to machine learning or LLMs training data?

I'm supporting a larger web database that contains many hundreds of articles with consumer grade and technical tests of hardware and electronics. Our policy has always been to provide open access to these resources without the constraints of a…
prvok77
  • 11
  • 1
1
vote
1 answer

When uploading a photo to a website, for custom gifts and the like, do they only access the uploaded photo?

When uploading a photo to a website for a custom gift that the photo goes on, the phone or computer brings up a window to choose the photo you want. Does the website see any of the photos while you are scrolling to the one you want, or is that the…
AndroidUser558
  • 11
  • 1
1
2