Ajax File Access but Restriction for Direct Link



Strangeplant
09-05-2006, 06:12 PM
1) Script Title: Dynamic Ajax Content

2) Script URL (on DD): http://www.dynamicdrive.com/dynamicindex17/ajaxcontent.htm

3) Describe problem:

I have an index.php page that displays a large number of files. However, the files can be accessed by a direct link. Can I chmod the permissions to let the server supply the files but leave them world inaccessible, or what else can I do?

mwinter
09-06-2006, 07:34 PM
> I have an index.php page that displays a large number of files. However, the files can be accessed by a direct link. Can I chmod the permissions to let the server supply the files but leave them world inaccessible, or what else can I do?

If you expect the browser to access those files using AJAX (the reason why I assume you even mentioned it), then no, not a chance. If, however, you're trying to route those files through your PHP file, then there are at least two options.

The first is to place the files outside the document root where the server won't look, but PHP can still reach. Sometimes, when you log in using FTP, you don't enter at the highest directory, but one level down. If your host has given you the right permissions, you can create new directories or upload files to that top-level directory.

The second is to mark the files as forbidden (HTTP status code 403) by modifying the server configuration or through a .htaccess file (or equivalent). You might store the files in a certain directory and mark the entire thing as forbidden, or you might use a Files or FilesMatch (in an Apache or compatible server) directive to be more selective.

Mike

Strangeplant
09-06-2006, 08:09 PM
Can you tell me more about how I would configure the .htaccess file, please?

mwinter
09-06-2006, 08:32 PM
To prevent access through HTTP for all contents of a directory, simply apply



Deny from all

to that directory. With a .htaccess file, the directive above is all that it need contain. In the server configuration, you'd use a Directory directive to select the directory, first:



<Directory /path/to/directory>
Deny from all
</Directory>

To affect a particular file, or files with a single extension, you'd use the Files directive:



<Files filename>
Deny from all
</Files>

<Files *.ext>
Deny from all
</Files>

For multiple extensions, or for filenames that match a particular pattern, use the FilesMatch directive which uses regular expressions:



<FilesMatch "\.(gif|jpe?g|png)$">
Deny from all
</FilesMatch>

The above would restrict all .gif, .jpg, .jpeg, and .png files.

Again, in the server configuration, the Directory would be used in combination with the Files(Match) directive to be specific to a certain directory. There's also a DirectoryMatch directive that operates similarly to FilesMatch. Remember that a .htaccess file will affect the directory that it's in, plus all descendant directories.

Mike
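
Added example, not part of the thread: a minimal PHP gateway for the approach described above, where the files are unreachable over HTTP (outside the document root, or under `Deny from all`) and a PHP script reads them from disk on the visitor's behalf. `STORE_DIR`, the `f` query parameter and the extension list are assumptions chosen for illustration.

```php
<?php
// Added example (not from the thread). STORE_DIR, the "f" parameter and the
// extension list are assumptions; adjust them to the site.
// STORE_DIR is either outside the document root or carries "Deny from all"
// (Apache 2.4 spells this "Require all denied"), so only PHP can read it.
const STORE_DIR = '/path/to/directory';
const ALLOWED_TYPES = [
    'gif' => 'image/gif', 'jpg' => 'image/jpeg',
    'jpeg' => 'image/jpeg', 'png' => 'image/png',
];

// Map a client-supplied name to a file inside $storeDir, or null to refuse.
function resolve_protected_file(string $storeDir, $name): ?string
{
    $base = realpath($storeDir);
    if ($base === false || !is_string($name) || $name === ''
        || strpos($name, "\0") !== false) {
        return null;
    }
    // basename() discards any directory part ("../", absolute paths);
    // realpath() then resolves symlinks so the final location can be checked.
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($name));
    if ($path === false || !is_file($path)) {
        return null;
    }
    // The resolved file must still sit directly under the store directory.
    if (dirname($path) !== $base) {
        return null;
    }
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return array_key_exists($ext, ALLOWED_TYPES) ? $path : null;
}

// Any login or session check the site uses belongs here, before the lookup.
$path = resolve_protected_file(STORE_DIR, $_GET['f'] ?? null);
if ($path === null) {
    http_response_code(404);   // same answer for "missing" and "not allowed"
    exit;
}
$ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
header('Content-Type: ' . ALLOWED_TYPES[$ext]);
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Without an access check at the marked point, anyone who knows a file name can still fetch it through this script; the deny rule only closes the direct URL.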