SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Enthusiast
    Join Date
    Feb 2006
    Bel Air, Maryland.
    0 Post(s)
    0 Thread(s)

    Prevent direct file access on a site using PHP authentication

    Hey all, I'm looking for solutions/recommendations for protecting direct access to files from non-authenticated users.

    I'm using a custom PHP/MySQL authentication where I have an include on every PHP page checking the users credentials (stored in a PHP session) and providing access. However, this isn't efficient for files such as images or videos that could be accessed directly by any user, effectively bypassing the PHP auth.

    I've implemented an additional PHP script that serves our sensitive files from outside the web root, which works great, but I'm looking for a solution to protect these misc files inside the web root whether it be a PHP solution, mod_rewrite, Apache modules, etc.

    Thanks in advance for your time!
    Paul S. Smith
    technetic | design & code

  2. #2
    SitePoint Zealot
    Join Date
    Oct 2008
    0 Post(s)
    0 Thread(s)
    Anything that you don't want to be accessible on the Internet or that you want to restrict access to, should be placed outside of your DocumentRoot on your account. That's the best way to work this.

    With a PHP script, it can still access files that are outside your DocumentRoot. The PHP script would act as a kind of "middle-man" between the website visitor and the restricted file.
    CanisHosting - Web Hosting plans starting at $3.95 per month

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts