Jump to content

Apache htaccess and PHP script access


omikron

Recommended Posts

Hello

 

Currently I am confused about how I can secure my files from stealing, but still able to access them through scripts.

 

My website is constructed that I have root folder, which has eg. script.php. And then I have images -folder and all images in there.

 

Problem is that I need to block images folder fully, because of security and stop thievery. I have done this with htaccess and typed files * + deny from all.

 

Now I still need to have access to the files via PHP scripts. Idea is to show images that they are "loaded" the script.php file. How I can do this?

 

It would be nice that php file just can use: echo "<img src="blocked_folder/image.format">"; Is there any htaccess rule how I can add that allow from script.php or similar?!

Link to comment
Share on other sites

The .htaccess file blocks http/https requests. This means a browser or a remote bot script cannot directly browse to the file, nor can they fetch it when it appears in an <img src="url_of_image_file" alt=""> tag. This is what you want to prevent direct access.

 

What you need to do is have a .php script that "dynamically" outputs the image. For example, call this file image.php The image.php script verifies what ever conditions you set to allow access, such as someone being logged in or having correctly entered a CAPTCHA phrase. A GET parameter is often used to specific which image to output, something like image.php?id=345

 

You would then use this as follows -

 

<img src="image.php?id=345" alt="">

 

The image.php file needs to do any verification and protection against unauthorized downloading, check which image was specified, then output a correct image header("Content-type: image/xxxxxx"); statement that matches the file type, and then read and output the image file.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.