htaccess deny all allow remote access

2
votes

I am trying to get a .htaccess to deny all direct access and only allow access from the Joomla Extension URL Installer.

I have one server where the installation/download directory in here is the .htaccess.

I have multiple servers from my own which ip's i can add to the code below. But what about my client websites that want to host it somewhere else. It is a bit difficult to constantly have to update the htaccess with more ip addresses. And this is not safe as well I guess.

AuthName "Protected" 
AuthType Basic 
<Limit GET POST> 
order deny,allow 
deny from all 
allow from YOUR.SERVER.IP.ADDRESS 
</Limit>

I can think of two possible sollutions but don't know if it exists.

  1. Create one user/pass in .htpasswd and then make the htaccess:

    AuthName "Protected" 
AuthType Basic 
<Limit GET POST> 
order deny,allow 
deny from all 
allow from valid-user 
</Limit>

    and make the link: 

    http://example.com/download/install_something_v1.0?USERNAME&PASSWORD

  2. Modify htaccess so it allows only access through script but no direct access.

1
php.htaccessjoomla3.0
shouldn't the link be http://USERNAME:[email protected]/download/install_something_v1.0 ?Pedro Lobito
if you're happy with http basic auth, then might as well skip the auth and just issue your users an "api key" they can include in the url.Marc B
@PedroLobito I did not even know that it was possible with a link. So it is. I am going to try your suggestion. Thank you.purple11111
@MarcB How should I implement an api key? No idea at this moment on how to get it going. Thank you for your suggestion.purple11111
@PedroLobito I have just tried it and it is working. Thank you very much. Would you be so kind to make an answer so I can approve it. Thank you.purple11111

1 Answers

1
votes

As requested, I'm posting my comment as an answer.

You can use a link with the following format:

http://USERNAME:[email protected]/download/install_something_v1.0