Website File Security

Posted on 2009-12-16
Last Modified: 2013-11-16
We have a web site with a "portal" that allows authorized clients to access proprietary documents stored as files on the web server.

We presently have a script (provided by an EE expert) that allows us to download the files in php.

All of this works good.

We want to PREVENT web visitors from accessing the files in their "home" directory on our server by just typing

The server is Apache.

How can we use directory / file protections and/or .htaccess to prevent this but still let php scripts access the follder & the files therein?
Question by:Richard Korts
    LVL 11

    Expert Comment


    I think that this will do the work:

    Options -Indexes 
    chmod 755

    Open in new window

    LVL 11

    Expert Comment

    PD: The Code Snippet if for the .htaccess in the "home" directory that you  want to prevent web visitors from accessing to it.

    Author Comment

    by:Richard Korts
    To VanHackman:

    By "home" do you mean the directory with the files in it or the "root"?

    LVL 11

    Accepted Solution


    The directory with the files in it.

    And, I had a little mistake, the correct configuration is:

    Options -Indexes 
    chmod 755 *

    Open in new window

    LVL 34

    Expert Comment

    by:Beverley Portlock
    Apache provides protection against linking to files that have not been referenced from a page in the domain. PHP can still get hold of them either by you producing a page for an authorised login which contains links to the files or else via the file system.

    Try it and see if it does what you need, it should only take a few minutes to try it out.

    Author Closing Comment

    by:Richard Korts
    Does the job EXACTLY.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Suggested Solutions

    This article will explain how to display the first page of your Microsoft Word documents (e.g. .doc, .docx, etc...) as images in a web page programatically. I have scoured the web on a way to do this unsuccessfully. The goal is to produce something …
    Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
    The viewer will learn how to dynamically set the form action using jQuery.
    The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now