Web Hosting Forum | Lunarpages


*
Welcome, Guest. Please login or register.
Did you miss your activation email?


Login with username, password and session length
September 02, 2010, 07:54:46 AM

Pages: 1 [2]   Go Down
« previous next »
  Print  
Author Topic: FrontPage and the .htaccess File  (Read 8090 times)
SteveW
Master Jedi
*****
Offline Offline

Posts: 1394


WWW
« Reply #15 on: July 28, 2006, 06:25:52 PM »
Because of hack attempts apparently resulting from the previous posts, I've put IP Deny in place, and before doing that took another look at how it might affect security.

The default FrontPage "order deny,allow" lines allow anyone to GET or POST, and no one to PUT or DELETE. The changes that DenyIP made don't change that, but it has to change how it's done so it can apply the denial lines globally.

It still wouldn't hurt to examine .htaccess after applying IPDeny, to review what it did and to make sure it's what you wanted.

A concise reference on how to interpret the Order, Allow, and Deny directives is at http://httpd.apache.org/docs/1.3/mod/mod_access.html. I didn't find any documentation about rules of precedence (what if two or more rules conflict?). [Edit: I found one source, not definitive enough to post link, that said if access rules conflict, the rule farther down in the .htaccess file overrides the earlier one.]
« Last Edit: July 29, 2006, 09:23:53 AM by SteveW » Logged




Mt. Shasta
photo gallery.


Don't forget Lunarpages 24/7/365 support documentation:
Flash Tutorials, Knowledge Base FAQ Articles, cPanel Manual, Glossary/Dictionary, Support Tickets,
and
Forum Search.
01Aiden
Newbie
*
Offline Offline

Posts: 3
« Reply #16 on: February 20, 2009, 11:25:54 PM »
Hi,
Thanks for your good information.
Logged
70-647
angelad
Trekkie
**
Offline Offline

Posts: 19
« Reply #17 on: June 25, 2009, 03:28:03 PM »
Quote from: SteveW on July 28, 2006, 06:25:52 PM
Because of hack attempts apparently resulting from the previous posts, I've put IP Deny in place, and before doing that took another look at how it might affect security.

The default FrontPage "order deny,allow" lines allow anyone to GET or POST, and no one to PUT or DELETE. The changes that DenyIP made don't change that, but it has to change how it's done so it can apply the denial lines globally.

It still wouldn't hurt to examine .htaccess after applying IPDeny, to review what it did and to make sure it's what you wanted.

A concise reference on how to interpret the Order, Allow, and Deny directives is at http://httpd.apache.org/docs/1.3/mod/mod_access.html. I didn't find any documentation about rules of precedence (what if two or more rules conflict?). [Edit: I found one source, not definitive enough to post link, that said if access rules conflict, the rule farther down in the .htaccess file overrides the earlier one.]


Looks like I got a lot of ground to cover before getting the hang of Frontpage.  Just reading some of these problems, I'm getting a bit scared that I will spend too much time on this.
Logged
Pages: 1 [2]   Go Up
  Print  
« previous next »
 
Jump to: