Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 258
  • Last Modified:

Is there any way to restrict the downloading of files within a subfolder using special .htaccess rules?

We have a bunch of client files sitting in a "uploads" folder on our Apache-based site.  Although the directory itself is NOT browseable (403 forbidden - Directory Listing not allowed) ... the client has become concerned that the files themselves might be compromised somehow, .. or indexed by search engines.

Is there any way that we can apply special .htaccess rules to that uploads folder so that the files contained within it can only be downloaded using a PHP script (or something like that)?  We're just looking for a way to secure those files somehow -- without having to reprogram the site so that the file uploads are stored and served up from outside the site root.  Please advise.

Thanks
- Yvan
0
egoselfaxis
Asked:
egoselfaxis
  • 2
1 Solution
 
Ray PaseurCommented:
For the most safety, move the directory outside of the WWW root.  But that said, if your server returns a 403 forbidden to browsers, you are also returning a 403 forbidden to search engines.  No compromise is likely at all since you're not sending the data -- just the "forbidden" headers.
0
 
Ess KayEntrapenuerCommented:
here is some info for it

http://www.javascriptkit.com/howto/htaccess.shtml

hope it helps
0
 
torakeshbCommented:
Refer to the article http://www.experts-exchange.com/OS/Linux/A_8789-How-websites-can-be-redirected.html. You may need some customization as per your requirement
0
 
Ray PaseurCommented:
Was there something wrong with this answer?  Why did you mark it down to a "B"?  What was missing?
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now