Page 1 of 1
How to protect directoy
Posted: Wed Apr 02, 2008 7:10 am
by shakeel
Hello
I have a folder on my website. How to restrict that folder, so the user cant download something from that folder directly.
Re: How to protect directoy
Posted: Wed Apr 02, 2008 8:07 am
by mchaggis
There are 2 sure fire solutions:
1) Use a .htaccess file to make the folder unbrowsable or password protected
2) Move the folder out of the web root
Re: How to protect directoy
Posted: Sun Oct 05, 2008 11:22 am
by miloske
I have similar problem - I have bunch of images in one folder, and they should be viewed only through php scripts which regulate who can see what. Folder must not be browsable, and users should not be able to open images even if they know exact file name (no it's not a porn site). Only two php scripts (files) should be able to open images.
I tried with a .htaccess file something like this:
AuthName "Includes"
AuthType Basic
<Limit GET POST>
order deny,allow
deny from all
allow from 127.0.0.1
allow from localhost
</Limit>
And it prevents users from viewing files directly, but it also prevents my scripts from loading those images.
How to do this?
Re: How to protect directoy
Posted: Mon Oct 06, 2008 3:14 am
by jmut
As mentioned you should have those out of web root. And load images via php script. This php script will check acl for you and server or not image. If thousands/mills of images you serve...maybe should think on speed optimize solutions for this one.