0

I am currently building a website in Webmatrix and right now users can access images and files on the server, like this:

localhost:8080/uploads/images/64/facebook_64.png

How can I do it so they cant access these files.

I it helps I am writing in Javascript , CSS and HTML and I won't work with PHP if it is not really necessary.

Kypros
  • 2,997
  • 5
  • 21
  • 27
random-userr
  • 19
  • 6
  • Do you want these images to be seen using the `` tag? – Al.G. Nov 01 '14 at 15:18
  • are you using a user/permissions management plugin? – mike Nov 01 '14 at 15:21
  • A.I.G yes and mike dont now what you mean (i'm new to server managment) – random-userr Nov 01 '14 at 15:26
  • You can restrict certain files by using `.htaccess` if you want to go that route. I.e.: See this Q&A http://stackoverflow.com/q/2182936/ @Liam_Rab3 – Funk Forty Niner Nov 01 '14 at 15:28
  • I know this is beyond the scope of the question, but sometimes starting with a pre-built content management system is better for you because it already addresses user permissions and folder restrictions. These are more secure than ad-hoc projects. So, a user with administrator permissions has unrestricted access, registered users have greater access, unregistered users must register for access. – mike Nov 01 '14 at 15:30

2 Answers2

1

Add a .htaccess file in the top folder that you want no one accessing with the following

order deny,allow
deny from all
allow from 127.0.0.1

Note: This means that you also won't be able to show them to users using img tags or any other method that requires the user to send a request to the image. However, the server can still use them.

Ali
  • 3,479
  • 4
  • 16
  • 31
  • won't that keep the system from using the resources? – mike Nov 01 '14 at 15:19
  • What Mike said is true. The OP can however limit to certain files, while using `.htacess` and not restrict the entire folder. – Funk Forty Niner Nov 01 '14 at 15:20
  • See this Q&A http://stackoverflow.com/q/2182936/ that's what I meant by that. More specifically http://stackoverflow.com/a/2182961/ - Also http://stackoverflow.com/q/11728976/ - It's an option. – Funk Forty Niner Nov 01 '14 at 15:23
0

You can't.

Not if your site is only going to use client-side technologies like html, css and javascript.

Any asset that you will need for your site, will be fetched using a http request and if your site / application can do that without any server-side technologies / authentication, so can any user.

You need a server-side technology like for example php if you want to use assets in your site while not making them publicly accessible.

jeroen
  • 91,079
  • 21
  • 114
  • 132