Reputation: 151
PHP, stop access to files
so i have numerous .txt and .xml files that are used to store data, is there anyway that i can have them store the data, but a user is unable to open them in a web browser?
I was thinking their could be a way to do this using .htaccess but as of yet have been unable to find any answers while doing research on the matter
Upvotes: 0
Views: 168
Answers (4)
Reputation: 3160
create a .htaccess file and put it into your directories and use:
<filesMatch ".(txt|xml)$">
order deny,allow
deny from all
allow from your.ip.xxx.xxx ## add this line if you allow certain users access to your data
</filesMatch>
or you can move your .txt/xml files outside of your root directory which I'd recommend doing unless your script would need to be heavily modified, but it would be worth it.
Upvotes: 0
Reputation: 27904
There are two ways you can solve this. If your server is Apache, you can store your files to a specific folder named "data" or whatever you prefer, and inside this folder you will have a .htaccess file with this single line written within: Deny from all. Thats all, works like charm.
Howover, it is not exactly 100% guaranteed once some server maintance can make Apache ignore .htaccess files for some time, then your security is gone. In this case you may prefer to just store those files outside the public folder.
When hosting a web site, its common practice to have a organization like /home/mywebsite.com/public_html/, where the public_html subfolder is where your website structure as seen by the world actually is, but everything inside the /home/mywebsite.com/ folder also belong to your to be used how you wish, mainly to store the files and information that are not supposed to be accessed by the public.
This organization may also be interesting to prevent sensitive .php files, specially the ones containing passwords, from being directly accessed by the public, once again an Apache maintance can make it stop interpreting PHP files and display the code instead. It happened to me once, was not cool.
Upvotes: 0
Reputation: 219874
- Store them outside of your document root (recommended)
- Use the following htaccess in your web root
.
<Files ~ "\.txt$">
Order allow,deny
Deny from all
</Files>
<Files ~ "\.xml$">
Order allow,deny
Deny from all
</Files>
Upvotes: 0
Reputation: 3781
Store them outside of your document root so that your web server will be unable to reply to requests for them. This will be more reliable than relying on .htaccess files.
Upvotes: 1
Related Questions
- i want to block access to folder and its content php
- Stop access to files in a directory on the browser with htaccess
- deny access of php file from url htaccess
- Deny access to directory files via browser with htaccess
- Deny access to all PHP files in a directory using .htaccess
- .htaccess deny access to just PHP files
- Deny access to .php files apart from the server itself
- Prevent access to files from Apache without .htaccess
- Deny access to a file
- Disable access to files