If you have a directory listing of this, the easiest way to block it from there is to assign a username to that dir. If that doesn't make sense ... here is an example of how I use this method so users of my directory listing see/can't see other 'per user' directories.
You need to make a wep password file, I called mine, 'web-passwd', then you need to move this to a web-safe directory, by saying "need to" that means, highly suggested.
Ok, now we have an empty file in a web-safe directory, now let's add a username and password to it.
From the command line in linux run this command (note, make sure you are in the same DIR as your 'web-passwd' file:
htpasswd web-passwd USERNAME
USERNAME being the username you wish to lock this down to.
The htpasswd program will prompt for a new passwd, go ahead and enter whatever you want.
Ok, all done?
Good.
Now ... go in to the CVS directory on your webserver, the one we are trying to block out.
Create the file .htaccess within this DIR ... have the contents look something similar to this:
require user USERNAME
Now go into the document root of the DIR listing and create another .htaccess:
AuthUserFile /home/web-safe/web-passwd
AuthName 'Private Area'
AuthType Basic
Apache will automatically hide that folder from the DIR listing because it knows that you are not logged in as your USERNAME ... it works for me!
Shayne
