Imagine you have a website and a subdirectory (say, http://example.com/gallery/) and you now want to make use of a subdomain instead (say, http://gallery.example.com)

Doesn't sound too hard, does it?

Sat, 01/05/2010 - 19:31 — horuskol

Using the or directives to restrict access to specific areas of a website only works if there is actually a physical file or directory. But as more and more site frameworks are using rewritten URLs, the chances of a URL mapping to a physical file or directory are getting pretty slim.

So, what can you do in these circumstances?

Well, something like this:

Satisfy any
 
Order allow,deny
 
SetEnvIf Request_URI "^/admin" admin
Deny from env=admin
 
AuthUserFile /var/www/your-website/.htpasswd
AuthType Basic
AuthName "Authentication Required"

Sat, 01/05/2010 - 19:00 — horuskol

If you want to restrict access to a specific directory, such as an administration section, you have a couple of options. First, you can drop a .htaccess file into the directory which you want to restrict and set it up like this:

AuthUserFile /var/www/your-website/.htpasswd
AuthType Basic
AuthName "Authentication Required"
 
Require valid-user

Sat, 01/05/2010 - 18:39 — horuskol

This should be fairly useful - it sets up a trusted connection (always allow access to people on a specific network) and requires authentication for anyone else outside of that network.

Satisfy any
 
Order deny,allow
Deny from all
 
Allow from 192.168.1
 
AuthUserFile /var/www/your-website/.htpasswd
AuthType Basic
AuthName "Authentication Required"
 
Require valid-user

Satisfy Directive

Sat, 01/05/2010 - 18:17 — horuskol

If you want to lockdown your website, but do not need a full user access solution built in PHP or ASP, etc, you can make use of a variety of authentication options with Apache.

This example uses the basic authentication methods available to the core of Apache httpd:

AuthUserFile /var/www/your-website/.htpasswd
AuthType Basic
AuthName "Authentication Required"
Require valid-user

.htpasswd file

Sat, 01/05/2010 - 17:48 — horuskol

First off, restricting access to your entire website is pretty easy.

All you need to do is put the following at the top of the .htaccess file in your website's document root:

Order deny,allow
Deny from all

This will prevent anyone from seeing your website. Admittedly, not terribly useful, but it's a start.

It is important not to have a space in 'deny,allow', as this will cause an Apache server error.

Sat, 01/05/2010 - 17:14 — horuskol

For most applications, there really isn't all that much to Apache configuration beyond setting up the virtual host and document root.

But Apache has a lot more to offer, and this set of articles will show how to set up some security on your site.

Mon, 01/03/2010 - 19:50 — horuskol

As I go further down the rabbit hole that is web-development, and break away from the path of pre-built libraries and frameworks, I just keep learning more.

A few weeks ago I finally got around to creating my own collection class - for the uninitiated, a collection is a way of creating something that behaves like an array, but with the added advantage of having inheritable and extensible methods, like an object.

Mon, 14/12/2009 - 19:28 — horuskol

Okay, so automically generating a friendly URL for a blog post or forum post from their titles doesn't really take a lot - but this snippet might make it easier for you:

function make_slug($orig, $length = 0)
{
  $slug = preg_replace('/[^a-zA-Z0-9]/', '-', $orig);
  $slug = preg_replace('/\-\-+/', '-', $slug);
  $slug = strtolower($slug);
 
  if ($length > 0) {
    // limits the length of the slug
    $slug = substr($slug, 0, $length);
  }
 
  if (strrpos($slug, '-') == strlen($slug) - 1) {
    // removes any ending -
    $slug = substr($slug, -1);
  }

Tue, 06/10/2009 - 19:53 — horuskol

I recently helped a poster at HTML Forums who wanted to be able to reformat floating point numbers in PHP.

The problem is that some of these numbers were in exponential format. There was also a requirement not to round a number like 0.004 to 0, although the 'precision' was to be constant for all uses of this function in the script.

8.8458e-119    = 8.84e-119
1.06542e-52    = 1.07e-52
2.68e-36       = 2.68e-36
2.91405e-35    = 2.92e-35
0.0190644      = 0.01
0.0205511      = 0.02
0.004          = 0.004