Using .htaccess, prevent users from accessing resource directories, and yet allow the sourcecode access resources
To prevent someone to view your images directory, you need to disallow Directory Listing
.
http://viralpatel.net/blogs/htaccess-directory-listing-enable-disable-allow-deny-prevent-htaccess-directory-listing/
You cannot use deny from all
, because nothing can be loaded from that directory from a web browser, so your images which you load with on your website won't load either.
Options -Indexes
will disallow people to list files in your images directory. Please see http://viralpatel.net/blogs/htaccess-directory-listing-enable-disable-allow-deny-prevent-htaccess-directory-listing/
For securing data from being viewed by people who shouldn't you can use a authentication. You can setup a login field with htaccess, or script one with, for example PHP or python.
Login script with htaccess: Script: http://www.htaccesstools.com/htpasswd-generator/ Password file: http://www.htaccesstools.com/htaccess-authentication/
Starkers
Updated on July 04, 2022Comments
-
Starkers almost 2 years
Apologies if my question is unclear, but I'm not quite up with the jargon. By 'resource directories' I mean my css, php scripts, images, javascript ect.
I used an .htaccess file in my images directory that contained
deny from all
to do this. Though this prevented people from typing "www.example.com/images" into their browser and accessing my images directory, the images stopped appearing on my website.
I assume this is because the .htaccess file is even denying my source code from accessing the images. How can I let my source code access directories? I also have a cron job running a php script every night. The cron job also needs to be allowed to access the scripts directory.
Also, is using .htaccess files even the best way to secure a site?
-
Starkers about 11 yearsThanks, Options -Indexes is good for stopping people from entering directories. However, they can still access files if they know the path, which I want to prevent them doing. Is there anyway to achieve this without using the login script? I mean, it's only the source code that is accessing the files, not a group of users. How would this work with a cron job?
-
ivodvb about 11 yearsThere is no way to prevent direct access to the files, because direct access is needed to even show the image.. Do you want to prevent hotlinking? Because that's possible.. Please see altlab.com/htaccess_tutorial.html and for a generator: htaccesstools.com/hotlink-protection