

Website File Security

Posted on 2009-12-16
Medium Priority
Last Modified: 2013-11-16
We have a web site with a "portal" that allows authorized clients to access proprietary documents stored as files on the web server.

We presently have a script (provided by an EE expert) that allows us to download the files in php.

All of this works well.

We want to PREVENT web visitors from accessing the files in their "home" directory on our server by just typing www.misite.com/foldername/filename.

The server is Apache.

How can we use directory / file protections and/or .htaccess to prevent this but still let php scripts access the folder & the files therein?
Question by:Richard Korts
LVL 11

Expert Comment

ID: 26064513

I think that this will do the work:

Options -Indexes 
chmod 755


LVL 11

Expert Comment

ID: 26064561
P.S.: The code snippet is for the .htaccess in the "home" directory that you want to prevent web visitors from accessing.

Author Comment

by:Richard Korts
ID: 26064590
To VanHackman:

By "home" do you mean the directory with the files in it or the "root"?


LVL 11

Accepted Solution

VanHackman earned 2000 total points
ID: 26064643

The directory with the files in it.

And I made a little mistake; the correct configuration is:

Options -Indexes 
chmod 755 *


LVL 34

Expert Comment

by:Beverley Portlock
ID: 26064682
Apache provides protection against linking to files that have not been referenced from a page in the domain. PHP can still get hold of them either by you producing a page for an authorised login which contains links to the files or else via the file system.

Try it and see if it does what you need, it should only take a few minutes to try it out.


Author Closing Comment

by:Richard Korts
ID: 31666872
Does the job EXACTLY.
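
An added example, not part of the thread and not the download script the asker mentions: `Options -Indexes` only turns off directory listings, so a request for a known file name is still served. One way to refuse direct requests while PHP keeps access is a deny rule in the folder plus a download script that checks the login. The directory path, the session key and the `file` parameter are assumptions.

```php
<?php
// Added example, not code from the thread. Assumptions: each client's files
// sit in DOC_ROOT/<client id>, and the portal login sets $_SESSION['client_id'].
// .htaccess in the documents directory, so Apache refuses direct URLs
// (Apache 2.4 syntax; 2.2 uses "Order deny,allow" and "Deny from all"):
//     Require all denied
// PHP reads the files through the filesystem, so the rule does not affect it.

const DOC_ROOT = '/var/www/portal_docs'; // hypothetical path

/** Return the real path of $name inside the client's folder, or null. */
function resolve_document(string $root, string $clientId, string $name): ?string
{
    // The client id becomes a directory name, so allow only a safe alphabet.
    if (!preg_match('/^[A-Za-z0-9_-]+\z/', $clientId)) {
        return null;
    }
    $base = realpath($root . '/' . $clientId);
    if ($base === false) {
        return null;
    }
    // basename() drops any directory part such as "../" from the request.
    $path = realpath($base . '/' . basename($name));
    if ($path === false || !is_file($path)) {
        return null;
    }
    // realpath() followed symlinks; make sure the result is still under $base.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

if (PHP_SAPI !== 'cli') {
    session_start();
    if (empty($_SESSION['client_id'])) {
        http_response_code(403);
        exit('Not authorised');
    }
    $file = resolve_document(DOC_ROOT, (string) $_SESSION['client_id'], (string) ($_GET['file'] ?? ''));
    if ($file === null) {
        http_response_code(404);
        exit('Not found');
    }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($file)));
    header('Content-Length: ' . filesize($file));
    readfile($file);
}
```

Keeping the documents directory outside the web root removes the need for the deny rule, since Apache then has no URL that maps to it.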
