Partner and Community Forums
.htaccess and .htpasswd equivalent
Last post Oct 23, 2012 09:32 AM by fab777
Sep 28, 2012 03:46 PM|LINK
Hi - I used Web Platform Installer to install php, among other things, on Windows 2008 R2/IIS 7.5.
Installed an app by a third party that is written in PHP. Everything runs fine except for security where they say I need to use the equivalent of .htaccess and .htpasswd to set some security on some folders and such. Below is their description.
How do I do the three things they describe, except do it using IIS instead of apache.
1. protect directory xxx/yyy using a .htpasswd file
2. The contents of the directories listed below should be protected from direct access via the HTTP protocol (i.e. using a browser):
Limiting access to server directories should be performed by means of the web server. In case of using Apache as the web server those directories should contain a .htaccess file with the following directive:
Deny from all
3. Assign permissions to the application's files and directories that should allow only authorized users of the operating system to access and modify their contents. Exact permission values depend on the current server configuration and the purpose of each
specific file or directory. Below are provided common recommendations on setting up access permissions.
The web server should be allowed to rewrite contents of the following directories (and the files contained in them):
data/ (and subdirectories)
Oct 01, 2012 09:41 AM|LINK
you have to play with NTFS permissions and IIS authentication module.
1. Remove NTFS permission to the IUSR_XXXX on the directory, activate 'Basic Authentication' in IIS and add 'read & execute' NTFS permission to the granted users.
2. use IP autorisation
3. Remove NTFS permission to the IUSR_XXXX on the directory, activate 'Basic Authentication' in IIS and add 'modify' NTFS permission to the granted users.
Oct 23, 2012 09:32 AM|LINK
Hi, s your problem solved or do you still need some help?