Newbie here, trying not to make a howling mess of things...
I'm working on a web version of an old Windows executable program which reads its data from flat files. We're heading for a database system longer term, but in the meantime, flat files it is.
I know how to disallow users from seeing the contents of the flat file directory. But is there a way to prevent them being served these files if they know/guess the names and type them explicitly into the browser? They never need to see them directly - they are read by the CGI executable program called by my php script.
I'm aware I'm in a bit of an "if I were you I wouldn't start from here" situation - all suggestions gratefully received.
Edit: This is Apache 2.2 on Windows.
Apache and disallowing direct access to files
Moderator: General Moderators
Re: Apache and disallowing direct access to files
Move them outside of the web root directory.
There are 10 types of people in this world, those who understand binary and those who don't
Re: Apache and disallowing direct access to files
I found a workaround for my case - although the directory always had been a subdirectory of the executable directory, it didn't have to be. So I just moved it elsewhere on the filesystem and referenced it internally with an absolute rather than relative path.
Still interested in knowing if there's an Apache solution, though.
Still interested in knowing if there's an Apache solution, though.
Re: Apache and disallowing direct access to files
Thanks Vlad - not entirely sure why I didn't see your response until I posted mine. Great minds think alike I see 
Re: Apache and disallowing direct access to files
Create an .htaccess in any folder:
Code: Select all
Order deny,allow
Deny from all