Link to Files above Root

**JohnKirk** · 10-06-2013, 11:49 AM

Hi, Please bear with me as this is my first ever entry on my first ever forum!!

I've probably missed something really simple / obvious!

I intend to create a website where certain files are only accessible via a username & Password.

I have use the information found within Dynamic Drive to create a .htaccess and a .htpasswd file

I've used the .htaccess , htpasswd files to indicatate which files within a certain directory ('test') require password protection.

I've correctly named them / up;loaded them as ascii etc. (to a directory above my root directory.)

If the files I need password access to were in my normal directory, then anyone could simply access them via their browser.

Sitting above the root prevents them from being seen - but how do I link to them from my site?

i.e. once in the the page reached via a password, then linking back to the main site would be easy (as I'd just use the full path).

But if one on my normal pages has a link which says that a certain page can only be reached via a password - then how do I link users to thaat page?

Kind Regards,

John

**jscheuer1** · 10-06-2013, 01:02 PM

Sometimes there's confusion about what's above and what's below. Generally, above is the parent folder. If that's what you mean -

Above the root isn't available to anyone except you and your host.

If the files are in the root of the domain and you have an index file, no files will be seen, if a user navigates to the root, the index file will load. This is true in any folder from the root on down. And if the index file itself requires a password, they won't be able to even load that unless they have the password.

If your talking about a child folder of the root, that's simple, just:

/foldername/filename.ext

**traq** · 10-06-2013, 04:48 PM

This:

Originally Posted by JohnKirk

I've correctly named them / up;loaded them as ascii etc. (to a directory above my root directory.)

If the files I need password access to were in my normal directory, then anyone could simply access them via their browser.

Sitting above the root prevents them from being seen - but how do I link to them from my site?

(the way I read it, anyway) implies that you did upload those files "above" your document root (e.g., if your doc root is /home/users/public_html/, you uploaded your files to something like /home/users/test/). Is this correct?

Originally Posted by JohnKirk

But if one on my normal pages has a link which says that a certain page can only be reached via a password - then how do I link users to thaat page?

As John says, if the files really are "above" your document root, you cannot link to them. They are inaccessible from the web; your only option is to create a page inside your doc root that can access and include/download/whatever those files.

On the other hand, if you are using .htpasswd, there's no reason your password-protected directory needs to be "above" the document root.
Put it somewhere in your doc root and link to it like you would with any other URL; when someone follows the link they will be asked for their username+password.

**JohnKirk** · 10-12-2013, 11:00 PM

Hi guys, thanks for the advice. I think I've now got my head around the .htacces/.htpasswd set up.
You're quite right - I did initially load the files "above" my document root (i.e. my doc root is /home/users/public_html/, and I uploaded my files to home/users/test/). - My thinking was that I didn't want users to be able to see the password file.

To test it all worked - I put the .htaccess file, the .htpasswd file and another file into the folder I wanted to protect ('test'). I then tried linking to the file within the 'test' folder - and sure enough I was directed to a page that asked for a userid and a password . (So far so good). But after entering the correct userid/password i didn't successfully navigate to my test page. I got a message saying "Internal server error" Not sure what I did wrong / need to do next ............... ?