Hi everyone. I've got a bit of a problem (for me anyway, seeing as I know very little about the workings of .htaccess). Essentially I am going to have a series of directories containing text files. I don't want anyone to be able to access these text files directly via the URL (i.e. if they type http://www.mysite.com/files/user/file.txt I want an error to be displayed). However, I do wish to allow certain files (namely 2 particular .php and .swf files) to have full access to the .txt files so they can read and output them. The .php and .swf files will be sitting in the root of the server. Does anyone have any suggestions? I appreciate any help offered.

I don't think that's possible.

The PHP files are easy. .htaccess file blocking only blocks HTTP requests to the files, not regular local filesystem access. The PHP is run on the server. That means that they access the files locally, so a .htaccess file doesn't stop them. So far, so good.

The SWF is a problem, however. I presume that the SWF is sent to the client to be run in the browser, then opens an HTTP connection back to the server to fetch the TXT files (AJAX style). If so, it will be blocked by the .htaccess file. There is no way to set it up in such a way that the SWF can fetch the files over HTTP while a browser cannot. At least, not in such a way that is trivial to hack around by anyone with a little understanding of an HTTP request and a half-decent packet sniffer.

There are solutions, but they're a lot more complicated than a few .htaccess rules.

An .htaccess file containing something along the lines of:

<FilesMatch "\.(txt)$">
    Order deny,allow
    Deny from all
</FilesMatch>

should work. Though, it's probably better to do it from within a Directory directive if you have access to the Apache configuration.

You can also add an "allow from 10.10.10.12" (or whatever your server's IP is) to explicitly allow the server to access the files locally. However, that's probably unnecessary even for the AJAX thing - the client would just make the request to your PHP gateway, which then has filesystem access to your text files already.
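
A sketch of the PHP gateway mentioned in the reply above, added here as an example and not code posted by anyone in the thread. The script name `read.php`, the `user` and `file` query parameters and the `files/<user>/<name>.txt` layout are assumptions; the script reads from the directory that the deny rule closes to HTTP and refuses any name that would resolve outside it.

```php
<?php
// read.php (hypothetical name), placed in the web root next to the .swf.
// Assumption: text files live under ./files/<user>/<name>.txt, and that
// directory is covered by the "Deny from all" rule, so HTTP cannot reach it.
declare(strict_types=1);

const FILES_ROOT = __DIR__ . '/files';

/**
 * Resolve a user/file pair to a path inside FILES_ROOT, or return null.
 */
function resolveTextFile(string $user, string $name): ?string
{
    // Allow only simple names: no slashes, no dots, no NUL bytes.
    $pattern = '/\A[A-Za-z0-9_-]{1,64}\z/';
    if (!preg_match($pattern, $user) || !preg_match($pattern, $name)) {
        return null;
    }

    $root = realpath(FILES_ROOT);
    $path = realpath(FILES_ROOT . "/$user/$name.txt");

    // realpath() returns false for missing files and resolves symlinks,
    // so a link pointing outside the root fails the prefix check below.
    if ($root === false || $path === false) {
        return null;
    }
    if (strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

$user = $_GET['user'] ?? '';
$name = $_GET['file'] ?? '';
$path = (is_string($user) && is_string($name)) ? resolveTextFile($user, $name) : null;

if ($path === null) {
    http_response_code(404); // same response for "missing" and "not allowed"
    exit;
}

header('Content-Type: text/plain; charset=utf-8');
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The gateway itself is an ordinary URL that any browser can request, so any restriction on who may read a given file has to be checked inside the script before `readfile()` is called.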
