Results 1 to 4 of 4

Thread: Ajax File Access but Restriction for Direct Link

  1. #1
    Join Date
    Feb 2006
    Posts
    236
    Thanks
    8
    Thanked 3 Times in 3 Posts

    Default Ajax File Access but Restriction for Direct Link

    1) Script Title: Dynamic Ajax Content

    2) Script URL (on DD): http://www.dynamicdrive.com/dynamici...jaxcontent.htm

    3) Describe problem:

    I have an index.php page that displays a large number of files. However, the files can be accessed by a direct link. Can I chmod the permissions to let the server supply the files but leave them world inaccessable, or whatelse can I do?

  2. #2
    Join Date
    Dec 2004
    Location
    UK
    Posts
    2,358
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by Strangeplant
    I have an index.php page that displays a large number of files. However, the files can be accessed by a direct link. Can I chmod the permissions to let the server supply the files but leave them world inaccessable, or whatelse can I do?
    If you expect the browser to access those files using AJAX (the reason why I assume you even mentioned it), then no, not a chance. If, however, if you're trying to route those files through your PHP file, then there are at least two options.

    The first is to place the files outside the document root where the server won't look, but PHP can still reach. Sometimes, when you log in using FTP, you don't enter at the highest directory, but one level down. If your host has given you the right permissions, you can create new directories or upload files to that top-level directory.

    The second is to mark the files as forbidden (HTTP status code 403) by modifying the server configuration or through a .htaccess file (or equivalent). You might store the files in a certain directory and mark the entire thing as forbidden, or you might use a Files or FilesMatch (in an Apache or compatible server) directive to be more selective.

    Mike

  3. #3
    Join Date
    Feb 2006
    Posts
    236
    Thanks
    8
    Thanked 3 Times in 3 Posts

    Default

    Can you tell me more about how I would configure the .htaccess file, please?

  4. #4
    Join Date
    Dec 2004
    Location
    UK
    Posts
    2,358
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    To prevent access through HTTP for all contents of a directory, simply apply

    Code:
    Deny from all
    to that directory. With a .htaccess file, the directive above is all that it need contain. In the server configuration, you'd use a Directory directive to select the directory, first:

    Code:
    <Directory /path/to/directory>
        Deny from all
    </Directory>
    To affect a particular file, or files with a single extension, you'd use the Files directive:

    Code:
    <Files filename>
        Deny from all
    </Files>
    
    <Files *.ext>
        Deny from all
    </Files>
    For multiple extensions, or for filenames that match a particular pattern, use the FilesMatch directive which uses regular expressions:

    Code:
    <FilesMatch "\.(gif|jpe?g|png)$">
        Deny from all
    </FilesMatch>
    The above would restrict all .gif, .jpg, .jpeg, and .png files.

    Again, in the server configuration, the Directory would be used in combination with the Files(Match) directive to be specific to a certain directory. There's also a DirectoryMatch directive that operates similarly to FilesMatch. Remember that a .htaccess file will affect the directory that it's in, plus all descendant directories.

    Mike

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •