Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Using .htaccess, prevent users from accessing resource directories, and yet allow the sourcecode access resources

Apologies if my question is unclear, but I'm not quite up with the jargon. By 'resource directories' I mean my css, php scripts, images, javascript ect.

I used an .htaccess file in my images directory that contained

deny from all

to do this. Though this prevented people from typing "www.example.com/images" into their browser and accessing my images directory, the images stopped appearing on my website.

I assume this is because the .htaccess file is even denying my source code from accessing the images. How can I let my source code access directories? I also have a cron job running a php script every night. The cron job also needs to be allowed to access the scripts directory.

Also, is using .htaccess files even the best way to secure a site?

like image 540
Starkers Avatar asked Mar 12 '13 19:03

Starkers


1 Answers

To prevent someone to view your images directory, you need to disallow Directory Listing. http://viralpatel.net/blogs/htaccess-directory-listing-enable-disable-allow-deny-prevent-htaccess-directory-listing/

You cannot use deny from all, because nothing can be loaded from that directory from a web browser, so your images which you load with on your website won't load either.

Options -Indexes will disallow people to list files in your images directory. Please see http://viralpatel.net/blogs/htaccess-directory-listing-enable-disable-allow-deny-prevent-htaccess-directory-listing/

For securing data from being viewed by people who shouldn't you can use a authentication. You can setup a login field with htaccess, or script one with, for example PHP or python.

Login script with htaccess: Script: http://www.htaccesstools.com/htpasswd-generator/ Password file: http://www.htaccesstools.com/htaccess-authentication/

like image 166
ivodvb Avatar answered Sep 28 '22 02:09

ivodvb