Jump to content

When .htaccess can't protect a file


Recommended Posts

Based on everything I've read and tried you can't do it. You can deny a directory listing, you can completely deny access to the files in a directory based on many things like IP, user etc. and you can allow access too.


... but you cannot both allow a web visitor to access an image or data file through html and php and simultaneously deny them direct access to that same file through a browser. For individual files, .htaccess allows access or it doesn't. Web visitors can do a "view source" to see the image or data file and then just type the URL to it.

Link to comment
Share on other sites

And you have a question? You can quite easily write a php script which acts as an image. Serving up whatever images are passed to it via $_GET[].


I was hoping someone would prove me wrong but your workaround might do the job. Do you have an example?


I'm actually trying to protect a data file from direct access. This is similar to but not exactly the same as the bandwidth-image stealing issue.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.