Forbidding access to a directory.
Moderator: General Moderators
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
It's safe from direct access via HTTP requests. That doesn't mean they are completely safe however. Your scripts provide access therefore they need to be secured, your other scripts need a security audit too to determine if they accidentally give access to the files. The last hurdle is server level access. On some shared hosts, scripts are able to access the files of other users.
Wait! I can't access it nor anyone else including my server!
How can I allow my own domain to access the files?! I need the directory and all it's content/media secure, but I still would like the capability to view the media via my web player, only.
Does that make sense?
How can I allow my own domain to access the files?! I need the directory and all it's content/media secure, but I still would like the capability to view the media via my web player, only.
Does that make sense?
Last edited by JellyFish on Fri Jun 29, 2007 9:04 pm, edited 1 time in total.
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
Example:
Code: Select all
file_get_contents('http://localhost/somepath/somefile.ext');Well, I changed my .htaccess file to:
This still doesn't appear to allow me access through a swf video player. Is the video player considered mydomain.com or is it considered the clients domain/IP?
Code: Select all
Deny from all
Allow from mydomain.com- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
Yeah that was the first thing that came to mind.Ambush Commander wrote:Make sure you set the proper headers.
So how would I output the stream provided by fopen, or is this the wrong approach?
Last edited by JellyFish on Fri Jun 29, 2007 11:00 pm, edited 1 time in total.
Wait a minute, I don't think I'm doing this right:
Code: Select all
header("Content-type: video/x-flv");
$stream = fopen("http://mysite.com/chart-room/videos/".$_GET['filename'], "r");
echo fgets($stream);
Last edited by JellyFish on Fri Jun 29, 2007 11:30 pm, edited 1 time in total.