Reputation: 8086
Protecting a directory from direct URL access
need some help...
I need to protect all the FOLDERS in a DIRECTORY from direct URL access. Can I do this with .htaccess and if yes, how? Or is their a safer method?
Here's my situation, I allow a user to UPLOAD a a pdf file.
The file is sent to /uploads/{userid}/{filename}
This all works dandy, but the issue is that the PDF can be accessed directly if someone knows the {userid} and {filename}
I want to secure the uploads directory and all sub directories from direct URL access.
At the same time however my database (MySQL) needs to be able to browse the uploads directory and sub directories to confirm that a PDF file was uploaded and let the admin download the file from the admin control panel.
Now I'm not asking you to write my code. I'm just letting you know my specs because I assume someone might suggest htpasswd but I don't think I can use that solution as per my requirements.
If you have a simple solution or if you can point me on the right track to a tutorial please do so.
Thanks!
Upvotes: 3
Views: 2436
Answers (1)
Reputation: 656
As Fabio points out - it's better to keep such files out of web root. But you still CAN use .htaccess to protect the files. They'll be guaranteed protected unless you accidentally delete the .htaccess or the sysadmin changes the main configuration (which sometimes happens).
Just put a an .htaccess into the directory you want to protect, and put a single line in that .htaccess:
deny from all
Upvotes: 4
Related Questions
- Deny access to a folder from direct url
- PHP protect directory from direct URL access
- Protect file from direct access
- Deny direct access to folder from URL
- Prevent direct access to file in URL
- Prevent server from going into a directory
- Protecting folders with .htaccess
- How to block access to a folder except from internal pages
- How can i protect a URL/Directory in my site?