Regular Coders
Ajax File Access but Restriction for Direct Link
1) Script Title: Dynamic Ajax Content
2) Script URL (on DD): http://www.dynamicdrive.com/dynamici...jaxcontent.htm
3) Describe problem:
I have an index.php page that displays a large number of files. However, the files can be accessed by a direct link. Can I chmod the permissions to let the server supply the files but leave them world inaccessable, or whatelse can I do?
Elite Coders
If you expect the browser to access those files using AJAX (the reason why I assume you even mentioned it), then no, not a chance. If, however, if you're trying to route those files through your PHP file, then there are at least two options.Originally Posted by Strangeplant
The first is to place the files outside the document root where the server won't look, but PHP can still reach. Sometimes, when you log in using FTP, you don't enter at the highest directory, but one level down. If your host has given you the right permissions, you can create new directories or upload files to that top-level directory.
The second is to mark the files as forbidden (HTTP status code 403) by modifying the server configuration or through a .htaccess file (or equivalent). You might store the files in a certain directory and mark the entire thing as forbidden, or you might use a Files or FilesMatch (in an Apache or compatible server) directive to be more selective.
Mike
Regular Coders
Can you tell me more about how I would configure the .htaccess file, please?
Elite Coders
To prevent access through HTTP for all contents of a directory, simply apply
to that directory. With a .htaccess file, the directive above is all that it need contain. In the server configuration, you'd use a Directory directive to select the directory, first:Code:Deny from all
To affect a particular file, or files with a single extension, you'd use the Files directive:Code:<Directory /path/to/directory> Deny from all </Directory>
For multiple extensions, or for filenames that match a particular pattern, use the FilesMatch directive which uses regular expressions:Code:<Files filename> Deny from all </Files> <Files *.ext> Deny from all </Files>
The above would restrict all .gif, .jpg, .jpeg, and .png files.Code:<FilesMatch "\.(gif|jpe?g|png)$"> Deny from all </FilesMatch>
Again, in the server configuration, the Directory would be used in combination with the Files(Match) directive to be specific to a certain directory. There's also a DirectoryMatch directive that operates similarly to FilesMatch. Remember that a .htaccess file will affect the directory that it's in, plus all descendant directories.
Mike
Posting Permissions
Reply With Quote
Bookmarks