SMF forum behind .htaccess problem - and other related access problem

[hidden]

Of course! I have written about it here... simplemachines.org/community/index.php?topic=190487.0 any ideas Sammy or anyone? This would be really nice to do. I have searched access code information and don't find anything particular about this.

Specifically what was happening was when I clicked a link from the htaccess protected html pages to the forum address - it brought up another secure screen to place the access password in and then because I used code to redirect html to htmls it brought it up again but this time un protected -- odd -- and then when it went to the site at the htps url and all of the graphics were there but the log in didn't work.

However - when it brought up the second enter password screen and I repeatedly hit cancel rather than enter the user name and password --- it went to the forum - no images loaded but the text and links were there AND it let me log in! VERY NOT GOOD! ..

also I noticed that using the htaccess prevented the images contained in a folder under the access from being loaded to the html pages as well - ( I did have hot link access protection included in the script but I am thinking it is more about the password - don't know)

ANY COMMENTS IDEAS? about how to make SMF work behind the htaccess? Or what I can do differently?

[hidden]

The forum HAS PROTECTION built in.  Why are you trying to DOUBLE the protection?

You can make the boards not viewable until registered.  And set registration to require approval to tighten up WHO has access.

[hidden]

There are some who are ultra security minded here in regards to even have search engines find the site so I have done everything I can think of to keep anyone from finding anything as long as possible or as much as possible .. I just figured the same way if you lock your front door and then the door to your bedroom -- it at least might deter some further from finding or trying to hack the site or get into the forum if they can't even get past the front password area.


I've added the htaccess to prevent a huge list of bad bots from crawling

robot meta tags not to look at each page

robot text file to not look

etc etc.. added a security ssl level

this just seemed so perfect -- to have to have access to the site in general through one password and add the second to get into or try to direct link into the more sensitve area of the forum.

[hidden]

ah, I'll post

I think you might be able to something with the file permissions to restrict the read/writre/execute users/groups but it's way beond me. I do think it would be easier if your host was local, like on your own server, but then you have to admin yourself. Of course if security is a huge issue for you then you almost have to have your own server(s). maybe you could post on an apache ng ?

[hidden]

Thanks Pat -- I am still searching for answers .. and will search that type of phrase maybe it will help if such a permission is out there. I can't host myself - no time. And in this case as long as I can verify I have done everything reasonably possible to protect the site everyone will be happy.

Apache Ng well now ya got me really  so I looked it up  and it seems very intensely complicated for a person like me that took forever to learn how to write what I will now call a "simple" htaccess file.  But it is an idea.

I am continuing on various other elements of finishing the site creation while I investigate what to do but I have to have something figured out soon - so I will keep investigating your ideas. Thanks Again!

[hidden]

I AM figuring this thing out slowly but surely and will let you know how and what soon. BUT if anything else comes to mind I would still appreciate hearing about it as maybe there is still an easier way than what I have come up with.