Next Previous Contents

12. Using password protection

Even though you have chosen a hard to guess name for your two new directories, you might want to consider password protecting the one that contains all your htxxx.php files. Since that directory also contains countryhtsetup.php and countryhtaccess.php, if someone ever discovers the name of the directory, they could have the ability to load either one of these two programs in their own browser and change your settings.

On the other hand, you do not want to password protect the directory that holds countrycheck.php. Because if you do, then anytime a file is requested that gets checked by countrycheck.php, a password will be required. This is probably not what you want to happen. This is why only countrycheck.php, notfound.php, and badcountry.php are located in that directory. If anyone learns the name of the country1 directory and tries to access countrycheck.php directly, they will get nowhere because countrycheck.php contains code to prevent this. The user will be treated the same as if he were in a country that was being blocked.

Remember, you can add password protection to the country2 directory, but do not add password protection to the country1 directory.

Describing how to password protect a directory is not the subject of this document. If you are not already familiar with how password protection works on your web site, most hosting control panels can perform the operation for you.

12.1 Protecting the countrycheck.php file

Ok, you've given the "country1" directory a name that is hard to guess, but mistakes can be made and when that happens, somebody might find this directory and try to grab your countrycheck.php file.

Well, don't worry about it. Nobody can actually download the file due to the way the Apache server deals with .php files. Apache won't send the file as-is, it will first process the file as a php program. The countrycheck.php program doesn't output anything that would reveal where your country2 directory is located or how to access any of the programs in it. And besides, if someone tries to load the countrycheck.php file directly through a browser, the program is designed to treat the request just as if it were coming from a blocked country and the user will just get a blank page.

You would think that you could place an .htaccess file with a rewrite rule in your country1 directory to redirect any attempt to access countrycheck.php, but due to the way Apache handles file requests and .htaccess files, this isn't possible because you would be doing a rewrite on every file access since other files are already rewritten to access the countrycheck.php file.

So, simply put, don't worry about protecting countrycheck.php, it's protected automatically.

Next Previous Contents