You haven't read as much as you should, or where you should :)
In httpd.conf you describe the directory:
(instead of the ^ character you write the less-than or
greater-than signs, but this forum ignores them here, so I
wrote ^)
^Directory "/var/lib/apa/htdocs/secret_dir"^
DirectoryIndex index.html
.....
.....
AllowOverride AuthConfig
^/Directory^
In /var/lib/apa/htdocs/secret_dir you create a file named
/var/lib/apa/htdocs/secret_dir/.htaccess containing
something like this:
##############
AuthUserFile /var/lib/apa/access/.htpassword
AuthGroupFile /dev/null
AuthName SecretPlace
AuthType Basic
^Limit GET^
require valid-user
^/Limit^
###############
It doesn't matter where the file
/var/lib/apa/access/.htpassword is; preferably it should be
outside the httpd's root directory, in case some exploit for
Apache suddenly comes out :)
And inside this file /var/lib/apa/access/.htpassword there
should be something like
###########
valid_name:YMFHIDv8O52Tpk
###########
only you shouldn't create it literally and by hand, but by
running
htpasswd -c -b passwordfile username password
from the directory /var/lib/apa/bin/htpasswd or
/var/lib/apa/sbin/htpasswd, depending on where that thing is
located. The -c option will create the password file
/var/lib/apa/access/.htpassword the first time; if you want
to add other users afterwards, you don't need this option.
Well, that's about it, I think. There are some more details
in httpd.conf, but they are set OK by default, as long as you
don't decide you dislike something and change them without
meaning to :) Namely:
#
# AccessFileName: The name of the file to look for in each
# directory for access control information.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess files from being
# viewed by Web clients. Since .htaccess files often
# contain authorization information, access is disallowed
# for security reasons. Comment these lines out if you
# want Web visitors to see the contents of
# .htaccess files. If you change the AccessFileName
# directive above, be sure to make the corresponding
# changes here.
#
# Also, folks tend to use names such as .htpasswd for
# password files, so this will protect those as well.
#
^Files ~ "^\.ht"^
Order allow,deny
Deny from all
^/Files^
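
Added example, not part of the original post: a small audit of the .htaccess shown above that checks two things a reviewer would look at, whether `require` sits inside a `<Limit>` block (it then covers only the listed methods) and whether AuthUserFile lies under the document root. The function name and the DocumentRoot value /var/lib/apa/htdocs are assumptions inferred from the paths in the post; the sample is the post's file with real angle brackets.

```python
import posixpath
import re

# Constructed sample: the .htaccess from the post, with < > instead of ^.
SAMPLE_HTACCESS = """\
AuthUserFile /var/lib/apa/access/.htpassword
AuthGroupFile /dev/null
AuthName SecretPlace
AuthType Basic
<Limit GET>
require valid-user
</Limit>
"""

def audit_htaccess(text, document_root):
    """Return a list of findings for a Basic-auth .htaccess body."""
    findings = []
    limited = None  # methods named by the enclosing <Limit>, if any
    root = posixpath.normpath(document_root)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Limit\s+([^>]*)>", line, re.I)
        if opened:
            limited = opened.group(1).split()
            continue
        if re.match(r"</Limit>", line, re.I):
            limited = None
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if name == "require" and limited is not None:
            findings.append("require applies only to %s; other methods "
                            "are not authenticated" % ",".join(limited))
        # Relative AuthUserFile paths resolve against ServerRoot; only
        # absolute paths are compared with the document root here.
        if name == "authuserfile" and arg.startswith("/"):
            path = posixpath.normpath(arg)
            if path == root or path.startswith(root + "/"):
                findings.append("AuthUserFile %s is inside DocumentRoot %s"
                                % (path, root))
    return findings

if __name__ == "__main__":
    for finding in audit_htaccess(SAMPLE_HTACCESS, "/var/lib/apa/htdocs"):
        print(finding)
```

Placing `require valid-user` directly in the file, outside any `<Limit>` block, makes it apply to every request method.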