How to protect directoy

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
shakeel
Forum Newbie
Posts: 12
Joined: Wed Jan 16, 2008 4:15 am

How to protect directoy

Post by shakeel »

Hello

I have a folder on my website. How to restrict that folder, so the user cant download something from that folder directly.
User avatar
mchaggis
Forum Contributor
Posts: 150
Joined: Mon Mar 24, 2003 10:31 am
Location: UK

Re: How to protect directoy

Post by mchaggis »

There are 2 sure fire solutions:

1) Use a .htaccess file to make the folder unbrowsable or password protected

2) Move the folder out of the web root
miloske
Forum Newbie
Posts: 4
Joined: Fri Sep 26, 2008 10:58 am

Re: How to protect directoy

Post by miloske »

I have similar problem - I have bunch of images in one folder, and they should be viewed only through php scripts which regulate who can see what. Folder must not be browsable, and users should not be able to open images even if they know exact file name (no it's not a porn site). Only two php scripts (files) should be able to open images.

I tried with a .htaccess file something like this:

AuthName "Includes"
AuthType Basic
<Limit GET POST>
order deny,allow
deny from all
allow from 127.0.0.1
allow from localhost
</Limit>

And it prevents users from viewing files directly, but it also prevents my scripts from loading those images.

How to do this?
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria
Contact:

Re: How to protect directoy

Post by jmut »

As mentioned you should have those out of web root. And load images via php script. This php script will check acl for you and server or not image. If thousands/mills of images you serve...maybe should think on speed optimize solutions for this one.
Post Reply