Reputation: 309
Allow PHP file_get_contents but restrict all other public access to directory
I have a directory of PDF files that nobody should be able to access, however the directory must remain in the webroot. I use file_get_contents to access the PDF files for use in my PHP scripts (ie. base64_encoding and protected downloads).
I have tried different combinations of the following in my .htaccess located inside the directory, but it either restricts all access, causing the PHP script to fail, or allows full access for all users.
order deny,allow
deny from all
allow from localhost
satisfy any
All PDF files have -rw-r--r-- permissions and are owned by apache user.
What should I put in my .htaccess file to prevent users from accessing the directory but allowing PHP scripts access?
Upvotes: 1
Views: 3095
Answers (1)
Reputation: 1084
If you're doing this: file_get_contents('http://www.example.com/pdfs/mypdf.pdf') then it's using http. If you're doing this: file_get_contents('/public_html/pdfs/mypdf.pdf') then it isn't. Denying all in htaccess and using file_get_contents on a local path would meet your requirements as long as your code and pdfs reside on the same file system. (Moved from comments...)
Upvotes: 4
Related Questions
- Deny access to one specific folder in .htaccess
- Block direct access to a file over http but allow php script access
- Deny for all php files, but allow specific folder with php files
- Using htaccess, how to restrict seeing directory contents, but allow server to use the contents?
- Block direct access to .php but allow AngularJS $http requests
- Deny access to all files in a directory unless a specific php page is referrer
- Allow access to "Deny from all" directory
- Restrict access to PHP files in /lib but allow other files to call them (lighttpd)
- How to restrict access to directory on server, using PHP logic?
- Deny access to all PHP files in a directory using .htaccess