Jump to content

When .htaccess can't protect a file


Recommended Posts

Based on everything I've read and tried you can't do it. You can deny a directory listing, you can completely deny access to the files in a directory based on many things like IP, user etc. and you can allow access too.


... but you cannot both allow a web visitor to access an image or data file through html and php and simultaneously deny them direct access to that same file through a browser. For individual files, .htaccess allows access or it doesn't. Web visitors can do a "view source" to see the image or data file and then just type the URL to it.

Link to comment
Share on other sites

And you have a question? You can quite easily write a php script which acts as an image. Serving up whatever images are passed to it via $_GET[].


I was hoping someone would prove me wrong but your workaround might do the job. Do you have an example?


I'm actually trying to protect a data file from direct access. This is similar to but not exactly the same as the bandwidth-image stealing issue.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.