Restrict access to files/subdirectories using PHP

  • spork
  • Brewmaster
  • Silver Member
  • User avatar
  • Posts: 6255
  • Loc: Seattle, WA

Post 3+ Months Ago

I'd like to know if this is even possible, and, if so, what kind of things would be required.

Let's say that I have a directory, such as domain.com/mydir, and I have a bunch of files in this directory that I don't want people to be able to directly access via a constructed URL (mydomain.com/mydir/example.txt).

Is it possible to prevent anyone from accessing any kind of file in this directory (html, txt, etc.) by using a PHP script, or is the only solution to use a .htaccess file?

Any advice or suggestions are welcome.
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13504
  • Loc: Florida

Post 3+ Months Ago

If order for PHP to handle ALL requests in that folder, you'ld have to alter Apache directives in httpd.conf or .htaccess anyways.

Apaches' mod_access module is what controls access to files.

A common thing to see in .htaccess files to do what you're trying to do is
Code: [ Select ]
Order Deny,Allow
Deny from all
  1. Order Deny,Allow
  2. Deny from all


It's likely possible to block requests to certain URLs at the switch/router level, but that's not somthing I have any experience whatsoever with & likely not somthing you have access to by the sounds of things anyway.
  • spork
  • Brewmaster
  • Silver Member
  • User avatar
  • Posts: 6255
  • Loc: Seattle, WA

Post 3+ Months Ago

Yeah, I figured it would have to be done through Apache. I've been looking all morning but it seems that .htaccess is the only reasonable route to take on this one.

Thanks.
  • mysticjay1
  • Born
  • Born
  • mysticjay1
  • Posts: 1

Post 3+ Months Ago

After couple of hours of reading on .htaccess for apache in windows - I finally figured out - You need to set the open_basedir directive in your php.ini file to restrict access to file system beyond the web folder. Considering it took my good amount of searching I added couple of articles on PHP security that applies for windows here:

http://oviya.me

It is also a good idea to turn off errors and phpinfo function as well.
  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • User avatar
  • Posts: 3422
  • Loc: Richland, WA

Post 3+ Months Ago

Well you could move the files below the root and use php to access them. Only problem is this becomes quite resource intensive.

Something like

index.php?/path/to/file.jpg

You can use .htaccess to remove the index.php? to make it look like a regular path.
  • spork
  • Brewmaster
  • Silver Member
  • User avatar
  • Posts: 6255
  • Loc: Seattle, WA

Post 3+ Months Ago

(Just for the record this topic is two years old.)

Post Information

  • Total Posts in this topic: 6 posts
  • Users browsing this forum: No registered users and 24 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.