Page 1 of 4
Forbidding access to a directory.
Posted: Fri Jun 29, 2007 4:05 pm
by JellyFish
How do I forbid access to a specific directory on my web server? I have a bunch of videos located in a directory on my server that I want to allow only members of my site to be able to view. I'm authenticating members with PHP sessions, and I want the videos to be accessible only through a PHP page with this authentication.
I appreciate any assistance on this.
Thanks for reading.
Posted: Fri Jun 29, 2007 5:25 pm
by feyd
Research the htaccess control of allow and deny. Note: this only limits HTTP requests.
Posted: Fri Jun 29, 2007 7:08 pm
by JellyFish
I googled "htaccess forbidding directory" and found that if an .htaccess file has this statement:
then all files in the same directory as the .htaccess file will be forbidden access to everyone. It doesn't appear to have any effect on my directory at all. Am I doing something wrong?
Posted: Fri Jun 29, 2007 7:10 pm
by Ambush Commander
Sounds like htaccess might be disabled for you. Is your webhost using Apache?
The alternative is to place the videos beneath the web directory, and then serve them using a PHP script. This is not very efficient though, and might cause your hosting company to complain about zombie PHP processes.
Posted: Fri Jun 29, 2007 7:16 pm
by JellyFish
I'm sure htaccess is enable for me(I once used it for password auth...).
Posted: Fri Jun 29, 2007 7:17 pm
by Ambush Commander
Try capitalizing Deny.
Posted: Fri Jun 29, 2007 7:27 pm
by JellyFish
That didn't do it either. Is it that I misspelled the file extension: .htaccess?
Does "Deny from all" not deny access to the all of the directory's files and subdirectories?
Posted: Fri Jun 29, 2007 7:28 pm
by Ambush Commander
That didn't do it either. Is it that I misspelled the file extension: .htaccess?
Nope, it's correct.
Does "Deny from all" not deny access to the all of the directory's files and subdirectories?
That's what it should do.
Does your server have mod_access? Also, try putting gibberish into the htaccess file and see if you get a 500 error.
Posted: Fri Jun 29, 2007 7:31 pm
by JellyFish
I got the 500 error.
How do I tell if my server mod_access?
Posted: Fri Jun 29, 2007 7:32 pm
by Ambush Commander
<IfModule mod_access>
Posted: Fri Jun 29, 2007 7:34 pm
by JellyFish
Could it be that my file only consist of:
?
EDIT: Also when I change my file to:
Code: Select all
<IfModule mod_access>
Deny from all
I get an Internal Server Error
Posted: Fri Jun 29, 2007 7:36 pm
by Ambush Commander
No, I've used that plenty of times before and it invariably works. Ask your host if mod_access is enabled.
Posted: Fri Jun 29, 2007 8:32 pm
by JellyFish
Okay I contacted my hostie and found out that it is enable and that, for some WEIRD reason, it works but when I go to try accessing it on this computer it doesn't... weird.
I tested on my other computers and it works. Why on this computer would it have access?
EDIT: It was my cache.

Posted: Fri Jun 29, 2007 8:33 pm
by Ambush Commander
Mmm... try clearing your browser cache?
Posted: Fri Jun 29, 2007 8:37 pm
by JellyFish
Ambush Commander wrote:Mmm... try clearing your browser cache?
Exactly. Well, thanks for all help peoples.
This would protect people from downloading or viewing the files in the directory as the .htaccess, but not restrict the files from being viewed with and mp3 player for example, right?
EDIT: In other words, it's secure?