Solved

Restrict access to folders using htaccess

Posted on 2010-08-25
6
305 Views
Last Modified: 2012-05-10
I have a directory that has some php files, inside this directory I have set of php files that I use to include. I want to restrict access to this directory (specially robots) and let my php pages access (pages that need this files, which use "include")

Possible or any suggestion ?
0
Comment
Question by:sahanz
6 Comments
 
LVL 30

Accepted Solution

by:
Brad Howe earned 167 total points
Comment Utility
Hi,
If you want to block Robot access, why not add a robots.txt to the directory.

# No robots should visit this site
User-agent: *
Disallow: /
If you are restricting using a .htaccess file, make sure to allow robots to access this file or else they will assume it is allowed.
-Hades666
0
 
LVL 30

Expert Comment

by:Brad Howe
Comment Utility
Also,
On top of this, /robots.txt is a open file that scanners are looking for in the Home Root.  This is not a security blocker as they can chose to ignore your request to stay away.
Here is some more details. http://www.robotstxt.org/robotstxt.html
In the end, a mix of /robots.txt and .htacess IF you are looking to make it secure would do fine.
-Hades666
 
0
 
LVL 16

Assisted Solution

by:HackneyCab
HackneyCab earned 167 total points
Comment Utility
Do not use robots.txt for what you are trying to do.

Include files must not be placed into the public_html directory tree. They should be placed in a directory above/outside the public_html directory tree, so that Apache will not serve requests from users for those include files, but PHP will fetch them without problem.

On a shared hosting package, you need to be able to store files in the directory above public_html (or whatever your root-level public directory is named). Suppose your root-level public directory is on your hosting server at:

/data01/sahanz/public_html

then you want to store your PHP include files in a directory such as:

/data01/sahanz/php_includes

This is especially true for data files that PHP is opening with fopen, rather than include (because at least include files that don't produce output will simply return a blank response if you leave them in a public directory, whereas data files will simply be readable by the mischievous public at large).
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 2

Expert Comment

by:Pagefright
Comment Utility
HackneyCab is offering the best solution, but if you are not able to move the files outside the public directory then you can modify the permissions so that they are still protected from anyone outside the server and use a .htaccess protection as a redundant security precaution.

You can find more about permissions here,
http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html

You can find more info on how to setup .htaccess here,
http://httpd.apache.org/docs/1.3/howto/htaccess.html

A password generator to create a .htpassword file here,
http://tools.dynamicdrive.com/password/
0
 
LVL 4

Assisted Solution

by:YersiK
YersiK earned 166 total points
Comment Utility
Define a constant in your primary PHP script file ( usually in index.php ) and then check at the very beginning of every includable file if that constant is defined:

if ( !defined('INCLUDED_CHECK') )
{
    // redirect to index, etc., do whatever you like
}
0
 
LVL 1

Author Closing Comment

by:sahanz
Comment Utility
Thanks,
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now