
127.0.0.1 and Security


fedoracore


hi. what might i place in .htaccess (or otherwise, perhaps in httpd.conf) which would prevent, for example-- outside IPs from loading / displaying when i am developing on localhost?

chances are, many of you have experienced something like the following: maybe you've put some "Google AdSense" in your web pages, or any of the multitude of similar "monetizing" code-- or maybe you've got a Yahoo! MyWeb Badge feeding your Yahoo! MyWeb Bookmarks data-- you've got something in your source-code which communicates w/ the "outside world" which, when displayed on localhost during testing-- does in fact display that remote content.

the two popular entities i cited there aren't necessarily those which bother me in particular, but i have encountered situations where i've saved some code locally (legally, per the author's recommendation / per a public license of course) -- but i find later that when i preview it-- if i haven't cleaned the source-code so it shows only that PHP or JavaScript tutorial code i might wish to archive, i find that i've got someone's google ads, or other such media displaying on localhost.

i think you get the idea...

the question is-- what is the best way of controlling this content?

ideally-- i'd like to just stick an .htaccess file in a local directory to cut out the fat-- so i've got only what i want-- in most cases, only 127.0.0.1 (but sometimes i WILL want to test google adsense, so i'd rather avoid modifying httpd.conf directly.)

if i'm too convoluted in my inquiry here-- maybe you've got a URL to a resource on this particular topic specifically? thanks!

Link to comment

In an .htaccess or httpd.conf, put this:

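<Directory "physical path to your document root with forward slashes">
    # Deny,Allow: Deny lines are evaluated first, then a matching Allow overrides them.
    # (With Order Allow,Deny, "Deny from All" would also lock out 127.0.0.1.)
    # <Directory> is only valid in httpd.conf; in an .htaccess file use the three lines below alone.
    Order Deny,Allow
    Deny from All
    Allow from 127.0.0.1
</Directory>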

And replace the path of course.

Link to comment

EDIT: Skip the bulk of my nonsense if you like, and go to the very bottom... cause it's a lot here...

In an .htaccess or httpd.conf, put this:
<Directory "physical path to your document root with forward slashes">
    # Deny,Allow: Deny lines are evaluated first, then a matching Allow overrides them.
    Order Deny,Allow
    Deny from All
    Allow from 127.0.0.1
</Directory>

for the .htaccess, i'd remove the <Directory ...> ... </Directory> opening and closing tags though, yes?

after i posted here last night, i found something which jogged my memory-- and i proceeded to experiment a bit. once i read the thing at jsKit (above URL), i remembered this -> another really nice resource from which i've modeled many an .htaccess file (as a quick-start wizard, it's great IMHO!) yet-- each time during this experiment, i continued failing to achieve what i wanted-- which left me confused, to be honest-- thinking that perhaps there's something in my httpd.conf i've set somewhere along the lines which is "messing me up".

[ ... SNIPPED A TON OF MY OWN B.S. ... ]

MY MAIN QUESTIONS:

Significance of [Order allow,deny] versus [Order deny,allow]

and, also...
------------
the effect upon .htaccess of:

AllowOverride None
vs
AllowOverride All

thank you!!

(btw-- i sympathize w/ anyone who passes this one over. it's rather all over the place. sorry.)
Link to comment

"Order" specifies how "Allow" and "Deny" are processed. If you use "allow,deny", then the request is first checked against the Allow list. If it's not listed, it's denied. If it's listed, it's checked against the Deny list. If you use "deny,allow" then the request is first checked against the Deny list. If it's listed, it's denied. If it's not listed, it's checked against the allow list. If it's listed there, it's allowed. So for example:

Order Allow,Deny
Allow from All
Deny from All

Will enable the resource for everyone. The same example with reverse order will deny the page to everybody instead.

There are no obvious benefits when using some order at one spot. However, there is a benefit when you want to set up permissions for different folders... to inherit different rules. I can't think of a good example right now.

As for

AllowOverride None
and
AllowOverride All

If this option is set to the first, then all subsequent .htaccess files are ignored. If the second, .htaccess files have full control over the server configuration. Any directive you can use in httpd.conf can be used there as well. Other values allow partial .htaccess support, allowing adjusting only for access permissions and such. This directive is useful if you'll be hosting sites.

Link to comment
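The Order evaluation as documented for Apache 2.2's mod_authz_host, modelled in Python as an added example (not code from this thread or from Apache). The function names, rule-set names and client addresses are constructed for illustration; only "all", single addresses and CIDR ranges are handled, not hostnames or partial addresses.

```python
import ipaddress

def _matches(specs, client):
    """True if client falls under any 'Allow from' / 'Deny from' spec."""
    addr = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if addr in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def access_allowed(order, allow, deny, client):
    """Model of Apache 2.2 'Order': every Allow and Deny line is evaluated,
    and Order decides which list wins on overlap and what the default is."""
    allowed = _matches(allow, client)
    denied = _matches(deny, client)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Must match an Allow and no Deny; unmatched clients are denied.
        return allowed and not denied
    if order == "deny,allow":
        # A Deny match blocks unless an Allow also matches;
        # unmatched clients are allowed.
        return allowed or not denied
    raise ValueError("unsupported Order: " + order)

# Constructed rule sets (hypothetical names): (Order, Allow from, Deny from).
RULESETS = {
    "allow_deny_localhost": ("Allow,Deny", ["127.0.0.1"], ["all"]),
    "deny_allow_localhost": ("Deny,Allow", ["127.0.0.1"], ["all"]),
    "allow_deny_no_deny_line": ("Allow,Deny", ["127.0.0.1"], []),
    "deny_allow_no_deny_line": ("Deny,Allow", ["127.0.0.1"], []),
}
# Constructed client addresses: loopback, a LAN host, a remote host.
CLIENTS = ["127.0.0.1", "192.168.1.20", "203.0.113.7"]

def decision_table():
    """Map each rule set name to {client: True/False}."""
    return {
        name: {c: access_allowed(order, allow, deny, c) for c in CLIENTS}
        for name, (order, allow, deny) in RULESETS.items()
    }

if __name__ == "__main__":
    for name, row in decision_table().items():
        print(name, row)
```

Of the four rule sets, `deny_allow_localhost` and `allow_deny_no_deny_line` restrict access to 127.0.0.1; `allow_deny_localhost` locks out every client including loopback, and `deny_allow_no_deny_line` admits every client.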

  • 1 month later...

boen_robot, thanks for your thoughtful replies. reading your info, and through some trial and error, i managed to have a few epiphanies during my stint with the httpd.conf file. for the longest time, i was so confused with why my htaccess files would work on-line, but not on my localhost setup-- it wasn't until i played with the AllowOverride directive that things became more clear.

very powerful stuff. very cool. ;-)

thanks again!

PS. in case you were wondering, one of the things i was trying to do (i don't think i mentioned it already) was to "block", for example, GoogleAdsense from displaying on my localhost -- if i archived a page (save for offline viewing later), or if i have Adsense (for example) in my own code-- seeing it come through on the testing server led me to ponder any possible security risks (not to mention the slight annoyance of ads all over the place, flashing around-- while trying to edit CSS layout, for instance), i wanted to block it all. some things i tried weren't doing it for me. so, hence my little study here-- which you helped me to understand more clearly in the end. thanks!

Link to comment

Archived

This topic is now archived and is closed to further replies.
