Reputation: 335
htaccess directory issues
I'm trying to keep a folder private, but allow an html file to access what's contained in that file.
For example, a .htaccess in the private folder contains
order deny,allow
deny from all
allow from 127.0.0.1
Inside, there is an image named 'hidden.jpg'
Outside the private folder, I want to make an html file with the line
<img src='private/hidden.jpg'>
Unfortunately, I cannot see the image. Any ideas on a better way to do this? I also tried putting the file outside the web directory and grabbing it with file_get_contents(), but this does not grab the entire file correctly (the HTML5 video player breaks when playing .ogv files accessed in this way)
Any help is much appreciated.
Upvotes: 0
Views: 891
Answers (3)
Reputation: 15113
You have to remember that HTACCESS is server-sided. And HTML request (such as an IMG tag) is client-sided, meaning it's a completely different HTTP request altogether to get that image tag. Allowing from 127.0.0.1 is allowing the server to open it, but not any clients (since the browser, unless on the server, will always be another IP address).
Your HTACCESS code there will only allow the image to be accessed by the server (which is pointless). HTACCESS is to filter/control/edit HTTP requests, which are what the browser makes. As it is, your HTACCESS configuration right there won't allow anyone to view the image.
What you're trying to accomplish is impossible; the server won't know which request is from which HTML file, and there will always, always, always be ways to spoof that request into letting someone access that image.
Upvotes: 0
Reputation: 949
Old question, but this may help someone. If you add an .htaccess file to the directory and put this inside it:
Options -Indexes
It will allow you to access the contents of the directory by individual URL, but not view the directory itself.
Upvotes: 0
Reputation: 8910
Trying to access a file via an HTML document is the same as accessing it directly. If you can't access it directly, you won't be able to put it in an <img> tag, either.
How big is the .ogv file? file_get_contents() will fail if the file is too big, because it tries to read the entire file into memory. Try readfile().
But I'm still not sure what you're trying to achieve here. Even if you used a simple PHP script to grab a file from outside of the web directory, anyone who knew the path to that PHP script would be able to grab that file just as easily as if it were publicly available. Is it behind some sort of login?
Upvotes: 1
Related Questions
- Getting file and folder issues using htaccess file in PHP
- htaccess do not allow to access a file
- htaccess directory to file issue
- Directory access in .htaccess
- PHP how to access files in a folder protected by htaccess
- htaccess issue when i try to access a directory
- apache AccessFileName .htaccess error
- Private folder in PHP?
- Mod Rewrite show private file access denied
- .htaccess not allowing access to files in a directory