?
Solved

Restrict access to folders using htaccess

Posted on 2010-08-25
6
Medium Priority
?
350 Views
Last Modified: 2012-05-10
I have a directory that has some php files, inside this directory I have set of php files that I use to include. I want to restrict access to this directory (specially robots) and let my php pages access (pages that need this files, which use "include")

Possible or any suggestion ?
0
Comment
Question by:sahanz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 30

Accepted Solution

by:
Brad Howe earned 668 total points
ID: 33527584
Hi,
If you want to block Robot access, why not add a robots.txt to the directory.

# No robots should visit this site
User-agent: *
Disallow: /
If you are restricting using a .htaccess file, make sure to allow robots to access this file or else they will assume it is allowed.
-Hades666
0
 
LVL 30

Expert Comment

by:Brad Howe
ID: 33527601
Also,
On top of this, /robots.txt is a open file that scanners are looking for in the Home Root.  This is not a security blocker as they can chose to ignore your request to stay away.
Here is some more details. http://www.robotstxt.org/robotstxt.html
In the end, a mix of /robots.txt and .htacess IF you are looking to make it secure would do fine.
-Hades666
 
0
 
LVL 16

Assisted Solution

by:HackneyCab
HackneyCab earned 668 total points
ID: 33527635
Do not use robots.txt for what you are trying to do.

Include files must not be placed into the public_html directory tree. They should be placed in a directory above/outside the public_html directory tree, so that Apache will not serve requests from users for those include files, but PHP will fetch them without problem.

On a shared hosting package, you need to be able to store files in the directory above public_html (or whatever your root-level public directory is named). Suppose your root-level public directory is on your hosting server at:

/data01/sahanz/public_html

then you want to store your PHP include files in a directory such as:

/data01/sahanz/php_includes

This is especially true for data files that PHP is opening with fopen, rather than include (because at least include files that don't produce output will simply return a blank response if you leave them in a public directory, whereas data files will simply be readable by the mischievous public at large).
0
WordPress Tutorial 3: Plugins, Themes, and Widgets

The three most common changes you will make to your website involve the look (themes), the functionality (plugins), and modular elements (widgets).

In this article we will briefly define each again, and give you directions on how to install them.

 
LVL 2

Expert Comment

by:Pagefright
ID: 33527878
HackneyCab is offering the best solution, but if you are not able to move the files outside the public directory then you can modify the permissions so that they are still protected from anyone outside the server and use a .htaccess protection as a redundant security precaution.

You can find more about permissions here,
http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html

You can find more info on how to setup .htaccess here,
http://httpd.apache.org/docs/1.3/howto/htaccess.html

A password generator to create a .htpassword file here,
http://tools.dynamicdrive.com/password/
0
 
LVL 4

Assisted Solution

by:YersiK
YersiK earned 664 total points
ID: 33529042
Define a constant in your primary PHP script file ( usually in index.php ) and then check at the very beginning of every includable file if that constant is defined:

if ( !defined('INCLUDED_CHECK') )
{
    // redirect to index, etc., do whatever you like
}
0
 
LVL 1

Author Closing Comment

by:sahanz
ID: 33643363
Thanks,
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
This article discusses four methods for overlaying images in a container on a web page
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to count occurrences of each item in an array.
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question