Solved

Restrict access to folders using htaccess

Posted on 2010-08-25
6
344 Views
Last Modified: 2012-05-10
I have a directory that has some php files, inside this directory I have set of php files that I use to include. I want to restrict access to this directory (specially robots) and let my php pages access (pages that need this files, which use "include")

Possible or any suggestion ?
0
Comment
Question by:sahanz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 30

Accepted Solution

by:
Brad Howe earned 167 total points
ID: 33527584
Hi,
If you want to block Robot access, why not add a robots.txt to the directory.

# No robots should visit this site
User-agent: *
Disallow: /
If you are restricting using a .htaccess file, make sure to allow robots to access this file or else they will assume it is allowed.
-Hades666
0
 
LVL 30

Expert Comment

by:Brad Howe
ID: 33527601
Also,
On top of this, /robots.txt is a open file that scanners are looking for in the Home Root.  This is not a security blocker as they can chose to ignore your request to stay away.
Here is some more details. http://www.robotstxt.org/robotstxt.html
In the end, a mix of /robots.txt and .htacess IF you are looking to make it secure would do fine.
-Hades666
 
0
 
LVL 16

Assisted Solution

by:HackneyCab
HackneyCab earned 167 total points
ID: 33527635
Do not use robots.txt for what you are trying to do.

Include files must not be placed into the public_html directory tree. They should be placed in a directory above/outside the public_html directory tree, so that Apache will not serve requests from users for those include files, but PHP will fetch them without problem.

On a shared hosting package, you need to be able to store files in the directory above public_html (or whatever your root-level public directory is named). Suppose your root-level public directory is on your hosting server at:

/data01/sahanz/public_html

then you want to store your PHP include files in a directory such as:

/data01/sahanz/php_includes

This is especially true for data files that PHP is opening with fopen, rather than include (because at least include files that don't produce output will simply return a blank response if you leave them in a public directory, whereas data files will simply be readable by the mischievous public at large).
0
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

 
LVL 2

Expert Comment

by:Pagefright
ID: 33527878
HackneyCab is offering the best solution, but if you are not able to move the files outside the public directory then you can modify the permissions so that they are still protected from anyone outside the server and use a .htaccess protection as a redundant security precaution.

You can find more about permissions here,
http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html

You can find more info on how to setup .htaccess here,
http://httpd.apache.org/docs/1.3/howto/htaccess.html

A password generator to create a .htpassword file here,
http://tools.dynamicdrive.com/password/
0
 
LVL 4

Assisted Solution

by:YersiK
YersiK earned 166 total points
ID: 33529042
Define a constant in your primary PHP script file ( usually in index.php ) and then check at the very beginning of every includable file if that constant is defined:

if ( !defined('INCLUDED_CHECK') )
{
    // redirect to index, etc., do whatever you like
}
0
 
LVL 1

Author Closing Comment

by:sahanz
ID: 33643363
Thanks,
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question