Block access to certain folder on a website?

There has to be more to this question that you've asked because the simplest answer is to move the folder out of the DocumentRoot. That way no one can access it.

However, I suspect what you really want is to restrict access to it, either to certain users, or to certain IP addresses or some such, correct?

If that's the case the specifics will vary depending on precisely which access controls you want to implement (e.g. username/password, IP address, and so on.

The official word on Apache authentication can be found at http://httpd.apache.org/docs/1.3/howto/auth.html, but it' a lenghty document. If you can be more specific about what you're trying to do I'm sure someone can post a more specific answer.

Does anyone know if you can do that with the /private/etc/hosts file?

/etc/hosts will block access to a site (based on hostname), but won't allow finer-grained control such as a specific directory on that site - it's an all or nothing approach.

For that level of control your best bet is probably a proxy server such as Squid, which has extensive access control rules, including time-based (e.g. allow it between certain hours only)

What about creating a bogus "machine" in Netinfo Manager?

While it won't help you know, the new parental controls in Leopard may help:
"More flexible parental controls in Leopard mean you can place restrictions on use of the Internet. You can, say, specify a time of day and duration for your child to play World of Warcraft. And with new remote setup, you can set parental controls from anywhere"

oops "know" should have been "now"

A "machine" in this context is an entry in the Netinfo Manager application. You set the URL in Netinfo Manager to point to a nonexistent localnet IP address, in this example 0.0.0.0 When the URL is requested, the request is redirected to noplace, and the browser offers an error page.

I have used this method to block sites, but don't know if it works for subfolders in a website. I was hoping someone would tell me. I would try it on my own computer but O may need to reboot for it to work, and I try to avoid rebooting.

> I have used this method to block sites, but don't know if it works for subfolders in a website

No. it wil block the entire site. This is no different from adding the hostname to /etc/hosts.

When you enter a URL, the first thing the browser does is perform a name lookup on the hostname to find the IP address of the server. Then it contacts the server and sends a GET request for the URL (the rest of the URL after the hostname).

Since the name lookup (and therefore the /etc/hosts or NetInfo-> Machines lookup) is separate and distinct from the URI, it doesn't care (or even know) what folder/path you're requesting from the site, so there's no way to selectively block content in this manner.

You can definitely use a hosts file to block a lot of stuff, including ads. I use this one, as it is extremely tight:

http://mvps.org/winhelp2002/hosts.txt

> You can definitely use a hosts file to block a lot of stuff

Right, but again, only for host-level blocking, not directory-level.