How could I make a directory on a server inaccessible to the public by the url but accessible to php code on the same website?

Question

So I have www.mydomain.com

Under that domain I have a directory, lets call it www.mydomain.com/secrets

I have php scripts that access stuff in the /secrets directory (zip files mainly), how could I make all files in that directory still work with the php scripts but if someone went to www.mydomain.com/secrets/file.txt they wouldn't see the file.

problem with the dupe is its using legacy code – Jan 22 '18 at 01:05 — , Jan 22 '18 at 01:05

score 3 · Answer 1 · edited Jan 22 '18 at 00:46

3

Assuming you're using Apache (I haven't seen an installation of PHP with cPanel that doesn't have it, but I might not be so worldly), then .htaccess file in the specific directory is a good bet.

Create a file named .htaccess inside the directory where you want to restrict public access, and give it the following contents:

If on Apache 2.2

Order deny,allow
Deny from all

If on Apache 2.4

Require all denied

edited Jan 22 '18 at 00:46

RiggsFolly

93,638
21
103
149

answered Jan 22 '18 at 00:45

e_i_pi

4,590
4
27
45

is `Order` required in this case? – Jan 22 '18 at 00:51
Possibly not, force of habit – e_i_pi Jan 22 '18 at 00:51
fair enough, simply curious, i cant see anything definitive in the docs, i could of course just test it :-) – Jan 22 '18 at 00:54

How could I make a directory on a server inaccessible to the public by the url but accessible to php code on the same website?

1 Answers1