Apache and disallowing direct access to files

XML, Perl, Python, and other languages can be discussed here, even if it isn't PHP (We might forgive you).

Moderator: General Moderators

Post Reply
skylark2
Forum Commoner
Posts: 32
Joined: Wed Jun 16, 2010 6:00 am

Apache and disallowing direct access to files

Post by skylark2 »

Newbie here, trying not to make a howling mess of things...

I'm working on a web version of an old Windows executable program which reads its data from flat files. We're heading for a database system longer term, but in the meantime, flat files it is.

I know how to disallow users from seeing the contents of the flat file directory. But is there a way to prevent them being served these files if they know/guess the names and type them explicitly into the browser? They never need to see them directly - they are read by the CGI executable program called by my php script.

I'm aware I'm in a bit of an "if I were you I wouldn't start from here" situation - all suggestions gratefully received.

Edit: This is Apache 2.2 on Windows.
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Apache and disallowing direct access to files

Post by VladSun »

Move them outside of the web root directory.
There are 10 types of people in this world, those who understand binary and those who don't
skylark2
Forum Commoner
Posts: 32
Joined: Wed Jun 16, 2010 6:00 am

Re: Apache and disallowing direct access to files

Post by skylark2 »

I found a workaround for my case - although the directory always had been a subdirectory of the executable directory, it didn't have to be. So I just moved it elsewhere on the filesystem and referenced it internally with an absolute rather than relative path.

Still interested in knowing if there's an Apache solution, though.
skylark2
Forum Commoner
Posts: 32
Joined: Wed Jun 16, 2010 6:00 am

Re: Apache and disallowing direct access to files

Post by skylark2 »

Thanks Vlad - not entirely sure why I didn't see your response until I posted mine. Great minds think alike I see :)
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: Apache and disallowing direct access to files

Post by josh »

Create an .htaccess in any folder:

Code: Select all

Order deny,allow
Deny from all
Post Reply