Reputation: 6574
Zip files only to be read by server
I have a themes management which is prebuilt HTML files for my CMS that I am writing. I have a folder called themes then inside that are the zip files for the themes. I have an unzip function that will add the theme to the public_html page for the site to work correctly. My issue is if I go to the url it will download the zip file, by adding an .htaccess to the themes folder should that protect that from people downloading the zip. Also another question, instead of downloading 300 zip folders, is there a another way to handle templates? Maybe on another website server which then will download to that users public_html.
For example:
You go to my cms site (kms.io [example]) they search for a theme and then they click add to site. It will automatically add it to their server. Or possibly inside the KMS CMS admin panel show the other servers files by iterating. Basically I'm wondering can I communicate between my server to their server so they can download templates that I provide for them.
I don't need a step by step tutorial or anything, just a basic concept that I can look into, or if there already is a tutorial out there a link as well. I've googled this and get some funny results that have nothing to do what I want. Reason for that is I'm not sure of what to call this action really.
Refresher
Instead of downloading the zips in the KMS package, can I communicate with a base server (my sites server) from another users server so they can download template packages that the KMS will offer. Almost like Wordpress I suppose, never used it to be honest.
Upvotes: 0
Views: 69
Answers (1)
Reputation: 41838
I could tell you about adding basic authentication in htaccess for the themes folder, or about using mod-rewrite to block access to the zip files...
But if you really don't want anyone to touch that folder, the one true-and-tried solution (also recommended for your code) is this:
Move the folder above the web root.
You can still access it in your code, but the rest of the world won't be able to touch it.
Regarding storage, there are many ways to approach it. There is nothing to keep you for instance from storing the zip files as blobs in a database (on your server or a different one) that users can search.
Upvotes: 2
Related Questions
- how to enable .zip extension in server
- Only allow zip file uploads
- prevent direct download of zip, tar files through URL
- PHP - read zip file contents without saving on server
- htaccess mod_rewrite conflicting with zip file behavior
- How to disallow zip files on CentOS?
- force download restricted zip file with php
- How to limit access to .zip files to all but a specific folder with .htaccess
- htaccess or other method to prevent zip file download?
- Zipping .htaccess files