2

I have a Laravel 5 project in which I am uploading files in database in Medium Blob format.

But uploading files in database takes some extra time to execute.

Uploading files in database is a secured way to keep files safe from crawlers or some bots.

I have tried to Upload files to the Public folder. But the crawlers can open these files.

Is there any possible way to upload files in the file system?

So that the Crawlers cannot open these files.

I want these files to be Secured

sujit prasad
  • 895
  • 2
  • 12
  • 28

3 Answers3

2

you can upload them outside of the public scope. For example, storage/ folder is a good place. Also, you can grab them using the file system manager. Take a look: 

$image = \Storage::get('file.jpg');

Edit

A correct laravel installation just allow the content of public/ to be accesible via web browser. If other directories as storage/ or resources/ are public too, then you installation is really incorrect.

Said that, once you upload the files in storage/ folder nobody can access them except by you using the \Storage facade. When you call for example \Storage::get('file.jpg'); it returns an stream of bits that you can allocate them in a temporary folder and then display it in the webside. Once the request has finished, the image will disappear again from public domain.

manix
  • 14,537
  • 11
  • 70
  • 107
  • Storage folder can be accessed by bots, so this is not full proof. I want the files(e.g images) not to be publicly accessible – sujit prasad Dec 02 '15 at 09:25
  • You are wrong. Only public/ is accesible by browser. If your storage/ folder is public then you did an incorrect installation – manix Dec 02 '15 at 14:17
  • @sujitprasad, I have edited the answer. Also, you need to learn more about laravel's infrastructure to know which folders are public an which not. – manix Dec 02 '15 at 15:20
  • I downloaded a laravel project from github. Had made my project on top of that. Also hosted on the VPS server where I have full control. Uploaded a file in the path "storage/filename.jpg". And searched that path in the browser "www.website.com/demoproject/code/storage/filename.jpg" and it opens just like that. – sujit prasad Dec 03 '15 at 05:52
  • 1
    As I thought, your laravel's installation is not correct. For example, if you are under apache server, generally all public files are located into `public_html/. So, I think that you made the installation there. A correct instalation should be located outside of that directory. You need to set the `document_root` to `public` in your `httpd.conf` – manix Dec 03 '15 at 05:57
  • This is what I have thought for but was trying to search for much easier technique. If I come with some bigger update this will be a task. Anyways yours is an answer. I hope to find out any simpler technique. – sujit prasad Dec 03 '15 at 06:09
  • 1
    Now, just put your files outside of `public_html/`, say, `/home/your-user/upload_files/`. – manix Dec 03 '15 at 06:16
0

No need to change the directory this can be achieved by two ways

LazyOne Answer using .htaccess

AND

Using robots.txt

I will suggest to implement both .htaccess and robots.txt as some cheap crawlers ignore robots.txt but they can't ignore .htaccess

Community
  • 1
  • 1
Envision eCommerce
  • 101
  • 1
  • Spam bots can by pass robots.txt as its not binding upon them. Will .htaccess be full proof method?. I want the files(e.g images) not to be publicly accessible. – sujit prasad Dec 02 '15 at 09:26
0

You can follow this method

image-accessibility-for-authenticated-users-only

As this only allows authorized uses to view image

Envision eCommerce
  • 101
  • 1