Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I block direct access to my JavaScript files?

Tags:

javascript

php

minify

I use Minify to minify and cache all my script requests. I only want my users to be able to access the minified versions of the JavaScript files.

Minify lies at www.example.com/min and my scripts are at www.example.com/scripts. How can I block direct access to doc_root/scripts which is where my unminified JavaScript files lie. I'd rather not put them out of the document root but it's an option.

Please note that I'm using Zend Framework, so the actual root of my application is shifted to www.example.com/public. An htaccess file handles the rewrite.

like image 774
Chris Laplante Avatar asked Jun 13 '11 20:06

Chris Laplante

People also ask

How do I restrict JavaScript download?

Sadly there isn't a definite way to stop people downloading the JS files, CSS files or image files from your website as these are executed within the browser, the best you can do is to try and minify or obfuscate the files in such a way that they become near impossible to read and therefore use or copy.

2 Answers

Can't you just use an .htaccess file inside doc_root/scripts to prevent all access over the web to .js files over HTTP?

It won't stop minify, since that provides indirect access.

So in doc_root/scripts/.htaccess, something along the lines of

<Files ~ "\.js$">
    order allow,deny
    deny from all
</Files>

Note that the location of the .htaccess file matters in this case.

like image 142
Darien Avatar answered Oct 05 '22 07:10

Darien

You effectively can't block end-user facing code. Even if you served it with PHP or another server-side language and blocked direct requests, it's of course still possible to read it directly with a number of tools.

You should code with this in mind and be mindful with javascript comments, business knowledge, etc.

UPDATE:

However, if you're talking about code that doesn't ever need to be accessed by an end-user, you could as you mentioned move it out of the server root, or you can block the files in your directory (or an entire directory). It's easy with Apache's .htaccess.

order deny, allow
deny from all

You could also redirect the source files to the minified versions with mod_rewrite in your .htaccess file.

RewriteEngine On
RewriteRule /scripts/(.*)$ /min/$1 [L,NC]
like image 34
dtbarne Avatar answered Oct 05 '22 06:10

dtbarne
Sign in to Comment

Related questions

interact with an interface?
Can I use two where clauses, like "SELECT * FROM table WHERE something and something"?
How to integrate Wordpress into Kohana 3
Open payment gateway libraries for Java, Python, Ruby, Node.JS, and PHP
PHP and Apache environment variables
PHP CMS with powerful in-place editing? [closed]
How can I create a specified amount of random values that all equal up to a specified number in PHP?
How to Zend Framework with Propel ORM
Advantages of using Doctrine for PHP?
How to show php-files as plain text in Apache
How does single sign-on (SSO) work with PHP + Apache against an Active Directory for transparent authentication?
global array in php
How to make PHP more Javatized (aka strongly typed, more robust)?
How can I force PHP to use the libiconv version of iconv instead of the CentOS-installed glibc version?
Return HTML or build HTML using javascript?
memory usage of a PHP array when adding a huge numeric key
The point of public/private variables and functions?
get file where class has been declared/required from
Is there any way to catch MySQL and database errors in PHP?
codeigniter instance of model class

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!