Solved

Restrict access to folders using htaccess

Posted on 2010-08-25
6
339 Views
Last Modified: 2012-05-10
I have a directory that has some php files, inside this directory I have set of php files that I use to include. I want to restrict access to this directory (specially robots) and let my php pages access (pages that need this files, which use "include")

Possible or any suggestion ?
0
Comment
Question by:sahanz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 30

Accepted Solution

by:
Brad Howe earned 167 total points
ID: 33527584
Hi,
If you want to block Robot access, why not add a robots.txt to the directory.

# No robots should visit this site
User-agent: *
Disallow: /
If you are restricting using a .htaccess file, make sure to allow robots to access this file or else they will assume it is allowed.
-Hades666
0
 
LVL 30

Expert Comment

by:Brad Howe
ID: 33527601
Also,
On top of this, /robots.txt is a open file that scanners are looking for in the Home Root.  This is not a security blocker as they can chose to ignore your request to stay away.
Here is some more details. http://www.robotstxt.org/robotstxt.html
In the end, a mix of /robots.txt and .htacess IF you are looking to make it secure would do fine.
-Hades666
 
0
 
LVL 16

Assisted Solution

by:HackneyCab
HackneyCab earned 167 total points
ID: 33527635
Do not use robots.txt for what you are trying to do.

Include files must not be placed into the public_html directory tree. They should be placed in a directory above/outside the public_html directory tree, so that Apache will not serve requests from users for those include files, but PHP will fetch them without problem.

On a shared hosting package, you need to be able to store files in the directory above public_html (or whatever your root-level public directory is named). Suppose your root-level public directory is on your hosting server at:

/data01/sahanz/public_html

then you want to store your PHP include files in a directory such as:

/data01/sahanz/php_includes

This is especially true for data files that PHP is opening with fopen, rather than include (because at least include files that don't produce output will simply return a blank response if you leave them in a public directory, whereas data files will simply be readable by the mischievous public at large).
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Expert Comment

by:Pagefright
ID: 33527878
HackneyCab is offering the best solution, but if you are not able to move the files outside the public directory then you can modify the permissions so that they are still protected from anyone outside the server and use a .htaccess protection as a redundant security precaution.

You can find more about permissions here,
http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html

You can find more info on how to setup .htaccess here,
http://httpd.apache.org/docs/1.3/howto/htaccess.html

A password generator to create a .htpassword file here,
http://tools.dynamicdrive.com/password/
0
 
LVL 4

Assisted Solution

by:YersiK
YersiK earned 166 total points
ID: 33529042
Define a constant in your primary PHP script file ( usually in index.php ) and then check at the very beginning of every includable file if that constant is defined:

if ( !defined('INCLUDED_CHECK') )
{
    // redirect to index, etc., do whatever you like
}
0
 
LVL 1

Author Closing Comment

by:sahanz
ID: 33643363
Thanks,
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question