Page 1 of 1

Apache and disallowing direct access to files

Posted: Thu Jan 06, 2011 4:35 am
by skylark2
Newbie here, trying not to make a howling mess of things...

I'm working on a web version of an old Windows executable program which reads its data from flat files. We're heading for a database system longer term, but in the meantime, flat files it is.

I know how to disallow users from seeing the contents of the flat file directory. But is there a way to prevent them being served these files if they know/guess the names and type them explicitly into the browser? They never need to see them directly - they are read by the CGI executable program called by my php script.

I'm aware I'm in a bit of an "if I were you I wouldn't start from here" situation - all suggestions gratefully received.

Edit: This is Apache 2.2 on Windows.

Re: Apache and disallowing direct access to files

Posted: Thu Jan 06, 2011 5:31 am
by VladSun
Move them outside of the web root directory.

Re: Apache and disallowing direct access to files

Posted: Thu Jan 06, 2011 7:02 am
by skylark2
I found a workaround for my case - although the directory always had been a subdirectory of the executable directory, it didn't have to be. So I just moved it elsewhere on the filesystem and referenced it internally with an absolute rather than relative path.

Still interested in knowing if there's an Apache solution, though.

Re: Apache and disallowing direct access to files

Posted: Thu Jan 06, 2011 7:03 am
by skylark2
Thanks Vlad - not entirely sure why I didn't see your response until I posted mine. Great minds think alike I see :)

Re: Apache and disallowing direct access to files

Posted: Sat Jan 15, 2011 4:23 am
by josh
Create an .htaccess in any folder:

Code: Select all

Order deny,allow
Deny from all