I want to host a private web page that only the intended recipient can see and is invisible to everyone else and doesn't get indexed by all the search engines and is shown as public search result.
I have my own domain and have a paid premium hosting plan.
And the web page consists of just index.html, a css and js file that's all.
So how can i make it private that if others try to open it will get access denied or some error. And the only person I share url can access it?
If you’re using Linux Distribution like Ubuntu, make sure u have installed apache2 and apache2-utils. Then create new user with following command
sudo htpasswd -c /etc/apache2/.htpasswd new_user
And if you want to create another user just leave -c flag so the command will look like this
sudo htpasswd /etc/apache2/.htpasswd second_new_user
In both cases, you’ll be prompted to enter password for each user.
However, this method is for your global apache2 configuration. Same process can be repeated for only one website. Just make sure, that you have .htaccess file in your project and then repeat the command. Don’t forget to change path so the command will look like this.
sudo htpasswd -c /var/www/my_website/.htpasswd new_user
Enter the password and then configure .htaccess like this
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/my_website/.htpasswd
Require valid-user
If you stick to global apache 2 authentication, then point the change the third line to AuthUserFile /etc/apache2/.htpasswd
URL - is a unique identifier of a shared resource.
For denying access to those who have the url - but you have never had an intention for them to have it, you need to setup a password up front and send the password only to those you think should access your web page.
There are some web servers like Apache, you can set such security easily. I see the answer from Matej Bunček showing this.
Related
I cloned a private repository for a WordPress theme. The repository includes a wp-content folder (plus five other files - .png's, an .ico, and an .md). I'm trying to run the contents of this repository - the WordPress theme - locally on my Mac using MAMP PRO.
Running the repository should look like this: http://dynamic.switzercreative.com/
But I'm getting this:
In MAMP PRO, I have Apache and MySQL running:
You can also see that MySQL is configured to use port 8889.
Going into phpMyAdmin --> Database Name (on the left side) --> Privileges
I make sure that the username matches what I have in the wp-config.php file, and it does (line 3):
define( 'DB_USER', 'database_username' );
I also notice that under privileges, 'Grant' is set to no for this username. I'm guessing I need to edit this?
Should I be editing username privileges - is that what's causing this error message?
EDIT: I went ahead and hit "edit privileges" and checked "grant" under administration. That made the username display "all privileges", just like the other usernames
But I'm still getting the forbidden error message when typing localhost:8888/theme_name_wpe into the URL.
EDIT 2: I also considered that this might be a permissions issue. I followed the instructions in the second answer of this article - I cd'd into homefolder/wp-content/themes and ran sudo chown -R username:groupname theme_name to hopefully give the theme its necessary permissions. I'm still getting the same result in the browser, though.
EDIT 3: After checking the error log, I saw that the error message said:
Failed to load resource: the server responded with a status of 403 (Forbidden)
That led me to this article. Following the instructions in the top-rated answer, I cd'd into the root directory (the folder 'dynamictransit_wpe' that's sitting on my Desktop) and ran the following commands:
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
I'm still getting the same error, but the error message looks different now - like this:
Was I supposed to cd into the theme folder? (dynamictransit_wpe --> wp-content --> themes --> theme)
EDIT 4: After googling '403 forbidden httpd - t', I found this article, which suggests that I need to edit the httpd.conf file. At line 150 in the file, I found:
User #-1
Group #-1
I thought that I would need to change these to match the Database username / group name, but these changes this yielded no effect. I also tried a variety of other User and Group possibilities, including setting User to the Username for my Mac - still nothing.
A 403 means that something about the server's configuration is blocking your access to that particular file. In your case, since you are trying to access the site, the file is going to be index.php
From everything I can see in your documentation above, you already have WP installed correctly and the only potential problems I see are:
MAMP may not be running it's own Apache server. I say MAY because I don't have enough information to make that determination but it is a possibility.
Your Apache configuration forbids access to your web root. Did you create a folder specifically for this app in MAMP? If so, make sure that the root folder has 755 permissions and is owned by the web server's user and group.
Check your httpd.conf file and make sure that AllowOverride is set to All.
Ensure you don't have a funky .htaccess file somewhere that is blocking access to your site. When in doubt, rename the file to something like htaccess.txt and see if your site loads.
I'm not exactly sure which one of these adjustments caused it to work, but now going to "localhost/" renders the website:
1.) Changed username and password in wp-config.php to "root", like this:
define( 'DB_USER', 'root' );
define( 'DB_PASSWORD', 'root' );
(MAMP / MAMP PRO automatically sets "root" as the username and password for a database, so make sure that they are set correctly)
2.) Also make sure that the database name, host, home, and siteurl match:
define( 'DB_NAME', 'dynamic_transit' );
define( 'DB_HOST', 'localhost' );
define('WP_HOME','http://dynamic');
define('WP_SITEURL', 'http://dynamic');
3.) Make sure that the host name is set to localhost:
4.) Create an .htaccess file within your root folder (the folder that contains wp-content, wp-admin, and wp-includes. Leave that file blank.
5.) Make sure the username for Ports --> "Run Servers As:" is set to the username for your computer:
6.) Restart servers and go to localhost/ in the URL. If it's a WordPress site you should be able to go to localhost/wp-admin and enter your WordPress username and password to login.
I just uploaded a Wildfly web application to my free OpenShift account so my team members can check it out. It's a work in progress so I don't want people to know and access it via the web. If I want someone to use it then I'll send them the URL "XXX-XXX.rhcloud.com"
Is there a way to prevent people from knowing and accessing my web application on OpenShift?
You can use Basic authentication in order to anyone provides login/password before access your contents.
In openshift there is a enviroment variable called $OPENSHIFT_REPO_DIR, is the path of your working directory i.e. /var/lib/openshift/myuserlongid/app-root/runtime/repo/
I create a new enviroment variable called SECURE wrapping the folder path.
rhc set-env SECURE=/var/lib/openshift/myuserlongid/app-root/data --app myappname
Finally I connect to my app with ssh
rhc ssh myappname
And create the .htpasswd file
htpasswd -c $SECURE/.htpasswd <username>
Note: The -c option to htpasswd creates a new file, overwriting any existing htpasswd file. If your intention is to add a new user to an existing htpasswd file, simply drop the -c option.
.htaccess file
AuthType Basic
AuthName "Authentication"
AuthUserFile ${SECURE}/.htpasswd
Require valid-user
I am not sure if you configure openshift so that url is private, however I am sure you can hack your way. Instead of hosting your app at "XXX-XXX.rhcloud.com", you can set root-url of your app to be "XXX-XXX.rhcloud.com/some_hash" (for ex: XXX-XXX.rhcloud.com/2d6541ff807c289fc686ad64f10509e0e74ba0be22b0462aa0ac3a7a54dd20073101ddd5843144b9a9ee83d0ba882f35d49527e3e762162f76cfd04d355411f1 )
When it comes people finding your website on search engines you can block crawlers with robot.txt or noindex meta tag. You can further read about them here and here
I have hgweb.wsgi setup on an ubuntu server under apache2. Furthermore I have basic authing using the apache2 htpasswd approach. This all works nicely. However, we want to control what each user have access to and ACL seems to be the best approach. So inside the repos .hg folder I've created a hgrc and modified it according to the documentation for getting ACL up and running ( I've also enabled the extension ). The problem is I get no indication that the hgrc is used at all. If I add [ui] debug = true I still get nothing from the remote client. Sadly I'm not quite sure how to go about debugging this so any help would be much appreciated.
To make sure that a .hg/hgrc file in a repository is being consulted add something noticable to the [web] section like:
[web]
description = Got this from the hgrc
style = coal
name = RENAMED
If you don't see those in the web interface your .hg/hgrc isn't being consulted, and the most common reason for that is -- permissions. Remember that the .hg/hgrc has to owned by a user or group that is trusted by the webserver user (usually apache or www-data or similar). If apache is running under the user apache then chown the .hg/hgrc file over to apache for ownership -- root won't do and htpasswd user is irrelevant.
If that file is being consulted then you need to start poking around in the apache error logs. Turning on debug and verbose will put more messages into the apache error log, not into the remote client's output.
Has anybody else had an issue with the new Intellij HG4IDEA not working in Windows? Whenever I try to pull from a remote repository it just hangs, never asking for my ssh username/password.
My initial thought was that I should set my username/password in mercurial.ini somehow.
It just sits like this indefinably, if I try to cancel it it will not stop.
You need to configure it to work with your keys without password or
use ssh client that is able to ask password in a dialog window, like
TortoisePlink.exe.
When using console SSH client, there is no way for IDEA to see if it's
requesting passwords and provide them (it's just not supported, so ssh
client must either work without asking anything in the console or ask
a password via dialog).
See also
http://youtrack.jetbrains.net/issue/IDEA-62230 and http://youtrack.jetbrains.net/issue/IDEA-56004.
In order to get Intellij 10 to work with hg4idea I just changed my mercurial.ini file in my user directory of windows.
# Generated by TortoiseHg setting dialog
[extensions]
hgext.convert=
[ui]
username = myusername
[trusted]
users = *
groups = *
[ui]
ssh="C:\Program Files\TortoiseHg\bin\TortoisePlink.exe"
The key was to set ssh= to a client that supports prompting for passwords.
Is there a way to configure TortoiseHg to store my password?
I have a project hosted on Google Code that I access using TortoiseHg. Whenever I want to push changes to Google Code TortoiseHg prompts me for a username and password. Google Code requires me to use an auto-generated password, and it gets quite repetitive to look it up every time.
Both existing answers suggest storing your username and password unencrypted in plain-text, which is a bit of a no-no.
You should use the Keyring extension instead, as it has been specifically designed for securely saving authentication passwords. It already comes bundled with TortoiseHg, so all you have to do is activate it by writing the following in your mercurial.ini file:
[extensions]
mercurial_keyring=
You will also have to associate your username with the push url by editing your repository-specific .hg\hgrc file like in the example below:
[paths]
default = https://<your_username>#bitbucket.org/tortoisehg/thg
For more details on associating your username with the url, see the Repository Configuration (SMTP) section of the Keyring extension page.
Three steps, watch screenshot.
Note: This stores your password in plaintext.
Security warning
Although this answer is accepted as of 2017-09-15, it is not a recommended solution. You should never store your passwords in plain text. Use the mercurial_keyring extension instead. See another answer here.
You can change your push URL to https://username:password#hostname.com/repo.
This is explained in Google Code's and Mercurial's FAQs.
EDIT: Mercurial FAQ explains another way to do it:
With Mercurial 1.3 you can also add an auth section to your hgrc file:
[auth]
example.prefix = https://hg.example.net/
example.username = foo
example.password = bar
If you want to configure it via TortoiseHg, Repository Setting dialog is available.
After opening the dialog, please switch to 'Sync' tab.
You can add a path with HTTPS auth information.
http://tortoisehg.bitbucket.io/manual/2.9/settings.html#module-web.settings
Simply modify the hgrc file in the .hg directory of your local repository so it looks like this:
[paths]
default = https://name:password#yourproj.googlecode.com/hg/
where name is your Google Code login without the gmail/googlemail bit e.g. 'fredb' (not fredb#gmail.com), password is the Google-generated password, and yourproj is the name of your GC project. So something like:
default = https://fred:xyz123#fredproj.googlecode.com/hg/
This works for me using SSH. I know the password it's in text plain, but this is not a problem in this project.
You have to change myUser and MyOPas for your credentials and the path to: TortoisePlink.exe.
Edit the mercurial.ini
[reviewboard]
password = myPass
[ui]
username = myUser
ssh = "C:\Program Files\TortoiseHg\lib\TortoisePlink.exe" -l myUser -pw myPass
If you want to store the password in mercurial.ini and it doesn't work anymore after you upgrade to TortoiseHg 4.9 or higher a possible solution is to add the port to the prefix:
[auth]
tax.prefix = http://server:8080
tax.username = cerveser
tax.password = mypassword