Restrict access to files/subdirectories using PHP

I'd like to know if this is even possible, and, if so, what kind of things would be required.

Let's say that I have a directory, such as domain.com/mydir, and I have a bunch of files in this directory that I don't want people to be able to directly access via a constructed URL (mydomain.com/mydir/example.txt).

Is it possible to prevent anyone from accessing any kind of file in this directory (html, txt, etc.) by using a PHP script, or is the only solution to use a .htaccess file?

Any advice or suggestions are welcome.

If order for PHP to handle ALL requests in that folder, you'ld have to alter Apache directives in httpd.conf or .htaccess anyways.

Apaches' mod_access module is what controls access to files.

A common thing to see in .htaccess files to do what you're trying to do is


It's likely possible to block requests to certain URLs at the switch/router level, but that's not somthing I have any experience whatsoever with & likely not somthing you have access to by the sounds of things anyway.

Yeah, I figured it would have to be done through Apache. I've been looking all morning but it seems that .htaccess is the only reasonable route to take on this one.

Thanks.

After couple of hours of reading on .htaccess for apache in windows - I finally figured out - You need to set the open_basedir directive in your php.ini file to restrict access to file system beyond the web folder. Considering it took my good amount of searching I added couple of articles on PHP security that applies for windows here:

http://oviya.me

It is also a good idea to turn off errors and phpinfo function as well.

Well you could move the files below the root and use php to access them. Only problem is this becomes quite resource intensive.

Something like

index.php?/path/to/file.jpg

You can use .htaccess to remove the index.php? to make it look like a regular path.

(Just for the record this topic is two years old.)