: Configuring directory access on a server. .htaccess and alternatives? I have written a small PHP package/site-template (should I say). It contains a directory data/ that contains some important
I have written a small PHP package/site-template (should I say).
It contains a directory data/ that contains some important files that the users should not be able to see.
These file should however be accessible by my PHP scripts. Now ,the question is how can I prevent users from accessing a particular directory on the web.
Can I do this using .htaccess file? If yes, how?
If in case the user is not using Apache, but some other server like nginx or IIS or any other server for that matter. Is there a portable way to do this?
More posts by @Shakeerah822
1 Comments
Sorted by latest first Latest Oldest Best
Yes, you can do this with .htaccess:
Order deny,allow
Deny from all
If you want a portable way to do this, just put the sensitive data outside of your docroot. This is the preferred way to store things like database credentials, temp files/session data, and other things you want to control access to (such as downloadable products if you're selling MP3s or ebooks online).
Edit:
.htaccess is available for nginx, I believe, but it's apparently discouraged.
And, I believe, it's possible to protect the directory using file system permissions if the server is configured to run PHP using suexec. In which case, you ought to be able to set the directory to 400 to allow PHP to read the directory, but not allow direct access by users.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.