Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Restrict access to folders using htaccess

Posted on 2010-08-25
6
Medium Priority
?
398 Views
Last Modified: 2012-05-10
I have a directory that has some php files, inside this directory I have set of php files that I use to include. I want to restrict access to this directory (specially robots) and let my php pages access (pages that need this files, which use "include")

Possible or any suggestion ?
0
Comment
Question by:sahanz
6 Comments
 
LVL 30

Accepted Solution

by:
Brad Howe earned 668 total points
ID: 33527584
Hi,
If you want to block Robot access, why not add a robots.txt to the directory.

# No robots should visit this site
User-agent: *
Disallow: /
If you are restricting using a .htaccess file, make sure to allow robots to access this file or else they will assume it is allowed.
-Hades666
0
 
LVL 30

Expert Comment

by:Brad Howe
ID: 33527601
Also,
On top of this, /robots.txt is a open file that scanners are looking for in the Home Root.  This is not a security blocker as they can chose to ignore your request to stay away.
Here is some more details. http://www.robotstxt.org/robotstxt.html
In the end, a mix of /robots.txt and .htacess IF you are looking to make it secure would do fine.
-Hades666
 
0
 
LVL 16

Assisted Solution

by:HackneyCab
HackneyCab earned 668 total points
ID: 33527635
Do not use robots.txt for what you are trying to do.

Include files must not be placed into the public_html directory tree. They should be placed in a directory above/outside the public_html directory tree, so that Apache will not serve requests from users for those include files, but PHP will fetch them without problem.

On a shared hosting package, you need to be able to store files in the directory above public_html (or whatever your root-level public directory is named). Suppose your root-level public directory is on your hosting server at:

/data01/sahanz/public_html

then you want to store your PHP include files in a directory such as:

/data01/sahanz/php_includes

This is especially true for data files that PHP is opening with fopen, rather than include (because at least include files that don't produce output will simply return a blank response if you leave them in a public directory, whereas data files will simply be readable by the mischievous public at large).
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 2

Expert Comment

by:Pagefright
ID: 33527878
HackneyCab is offering the best solution, but if you are not able to move the files outside the public directory then you can modify the permissions so that they are still protected from anyone outside the server and use a .htaccess protection as a redundant security precaution.

You can find more about permissions here,
http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html

You can find more info on how to setup .htaccess here,
http://httpd.apache.org/docs/1.3/howto/htaccess.html

A password generator to create a .htpassword file here,
http://tools.dynamicdrive.com/password/
0
 
LVL 4

Assisted Solution

by:YersiK
YersiK earned 664 total points
ID: 33529042
Define a constant in your primary PHP script file ( usually in index.php ) and then check at the very beginning of every includable file if that constant is defined:

if ( !defined('INCLUDED_CHECK') )
{
    // redirect to index, etc., do whatever you like
}
0
 
LVL 1

Author Closing Comment

by:sahanz
ID: 33643363
Thanks,
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question