Ryan

Reputation: 1164

htaccess securing files from being accessed by users

So, I'm sure this question gets asked quite a lot around here, but after a good 20 mins searching, I haven't been able to find any questions that produce the correct result.

I have files, such as /index.php and /dashboard.php, which use resource files such as /framework/assets/stylesheets/index.css etc. What I want to do is block access to any files in the /framework/ directory, but still allow usage of them from index.php and the other respective files. How would I configure my .htaccess file to allow me to do this?

I understand that this may not be possible, but is there any way for the directory /framework/, which includes some PHP files, to be hidden from users, but still be accessible from other PHP scripts using include 'file.php'?

Any help would be very appreciated. Thanks.

Upvotes: 1

Views: 65

Answers (3)

Rehmat

Reputation: 5071

You shouldn't block access to CSS and JavaScript files. If you do so, it means that your site's design is going to break. For include files, try the rules below. Place your .htaccess file with the rules below in the includes directory you want to forbid access to. These rules allow only $_POST requests on files contained in the directory, and you can still include one file in another while restricting direct access to that include file.

<LimitExcept POST>
order deny,allow
deny from all
</LimitExcept>

Upvotes: 1

su-ex

Reputation: 106

Since you want to have a CSS file only available when the specific PHP script is run, you could use an include directive in PHP and embed this into your other HTML.

Something like this:

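<!-- ... -->
<head>
    <style>
    <?php
        // Server-side filesystem path; a leading "/" would mean the filesystem root.
        // Assumes this script sits in the web root next to /framework/.
        include(__DIR__ . "/framework/assets/stylesheets/index.css");
    ?>
    </style>
<!-- ... -->
</head>
<!-- ... -->

PHP files aren't restricted through htaccess, and you include it server side and offer only the stuff you want to the client.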

Upvotes: 1

Ryan

Reputation: 1164

As stated in the comments to the original question by Magnus Eriksson, the effect that I wanted to achieve with CSS files, JS files, and other resource files is something that cannot be done, as these files are fetched directly by the HTML, and therefore use HTTP requests.

The PHP files however are able to be protected, by placing a .htaccess file in the /framework/ directory with the content of:

deny from all

To grant access to the resources in /framework/assets/, all that needed to be done was to add another .htaccess file with allow from all written inside.

Simple answer to a simple question.

Documentation for further use: https://httpd.apache.org/docs/2.2/howto/access.html

Upvotes: 0
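
The two-file layout from the accepted answer, written so it loads on both Apache 2.2 and 2.4 (an added example, not code from any of the posts above). Apache 2.4 replaced Order/Deny/Allow with Require from mod_authz_core, and the old directives only work there through mod_access_compat. The extra FilesMatch rule in the assets file is an assumption about what you want: it keeps PHP files under assets/ blocked after that directory is re-opened.

```apache
# --- /framework/.htaccess ---
# Block every direct HTTP request below /framework/. PHP's include/require
# read from the filesystem, so index.php can still load these files.
<IfModule mod_authz_core.c>
    # Apache 2.4+
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2
    Order deny,allow
    Deny from all
</IfModule>

# --- /framework/assets/.htaccess ---
# Re-open the static resources the browser must fetch (CSS, JS, images).
<IfModule mod_authz_core.c>
    Require all granted
    # Keep any script that ends up under assets/ unreachable over HTTP.
    <FilesMatch "\.php$">
        Require all denied
    </FilesMatch>
</IfModule>
<IfModule !mod_authz_core.c>
    Order allow,deny
    Allow from all
    <FilesMatch "\.php$">
        Order deny,allow
        Deny from all
    </FilesMatch>
</IfModule>
```

The server configuration must let .htaccess set these directives: AllowOverride AuthConfig for Require, AllowOverride Limit for Order/Deny/Allow.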
