0

How do I do to stop user/client to navigate in some of my website folders using URL like this:

www.site.com/main_folder/subfolder_Contaienr/files.php
www.site.com/main_folder/data/files.php
www.site.com/main_folder/data/also_here_text_files.txt

With this URL, the user can navigate to my folders and I do not want that he navigate to my website folders.

Also everyday I have some new folders. I use files in folder for external scope (e.g in some folder there are images and need to show users. In some folders are text files in which is JSON data or some users details.)

Is there any way to stop navigate to my folders using php Code without touching .htacess file?

Aryan
  • 25
  • 1
  • 5
  • do you need those files to be externally accessible (e.g. should they be available via the web?) If not, then the SAFEST and EASIEST option is to move them outside of your site's document root. in other words, if they shouldn't be visible, then don't make them available. – Marc B Jun 03 '16 at 16:01
  • yes they are externally accessible. and i also update my question. :) – Aryan Jun 03 '16 at 16:07
  • Are you running Apache? Is it correct to say that you want to prevent access to `main_folder` and everything inside of it? – MonkeyZeus Jun 03 '16 at 16:08
  • Possible duplicate of [How do I disable directory browsing?](http://stackoverflow.com/questions/2530372/how-do-i-disable-directory-browsing) – ccKep Jun 03 '16 at 16:09
  • then password protect the folders, if you do need access but need to deny them to others. and/or put them in an obscure URL as well, so the path isn't visible/guessable. – Marc B Jun 03 '16 at 16:09
  • @ccKep That won't stop direct URL access to specific files... – MonkeyZeus Jun 03 '16 at 16:09
  • @MonkeyZeus: He said he needs them accessible (for example, images that need to be shown to the user). I think he just doesn't want his users to browse the directory so easily. – ccKep Jun 03 '16 at 16:10
  • @MonkeyZeus 1.) yes. i am running apache in windows 7(localhost). - 2.) no not only `main_folder` also some oter folders also like `data` – Aryan Jun 03 '16 at 16:10
  • @ccKep Sorry about that, I didn't see the edit made by OP. – MonkeyZeus Jun 03 '16 at 16:12
  • @MonkeyZeus No worries, I'm not 100% certain what OPs asking aswell. The question could use some clarification. – ccKep Jun 03 '16 at 16:13
  • @ccKep its all in question what i am asking.. How do i stop users to naviagte to certain folders and them subfolders only i can do using php code or maually...? do i have to use any permission mode ? – Aryan Jun 03 '16 at 16:16
  • @Aryan It really isn't. Even after your edits. Simple answer: You cannot affect a request on `/main_folder/data/also_here_text_files.txt` form inside some other PHP file. Apache opens the file directly and serves it to the user, the only way to influence that behaviour is to setup your apache correctly (either by using .htaccess files or in the configs directly). If you don't want that file accessible from the web, do as @MarcB told you and move it out of the document root. – ccKep Jun 03 '16 at 16:19
  • @ccKep Agreed, check out my answer though :) – MonkeyZeus Jun 03 '16 at 16:22
  • ok ty for answer. so i use htacess to doit. – Aryan Jun 03 '16 at 16:25

1 Answers1

0

It sounds like your website actually requires quite a bit of restructuring in order to achieve your goal properly but this .htaccess file can be a temporary, ahem tempermanent, band-aid in the root of your site which will deny access to all files except for whitelisted extensions:

www.example.com/.htaccess

Options -Indexes // Turn off directory listings
order allow,deny // Deny all file access
<Files ~ "\.(php|html|js|css|jpg|png|gif|ico|txt|pdf)$"> // separate file extension with a pipe |
   allow from all
</Files>
MonkeyZeus
  • 20,375
  • 4
  • 36
  • 77
  • This answer would allow access to exactly the files the OP is asking to deny? (eg. the .txt files in the data folder etc.) So it actually wouldn't do anything for him? – ccKep Jun 03 '16 at 16:25
  • @ccKep In all honesty I am still unclear of OP's request. Maybe `html|js|css|jpg|png|gif|ico` would suffice... – MonkeyZeus Jun 03 '16 at 16:27
  • I think he has files he doesn't want to be accessible from the web **at all**, which is impossible without restructuring his document root (and probably application) or using .htaccess files. He (originally) asked to do it without any of those though. – ccKep Jun 03 '16 at 16:29
  • @ccKep You're right but I don't think OP's requirements will ever become fully ascertainable. Based on their final comment on the question, it sounds like he might go with my suggested route though, lol. – MonkeyZeus Jun 03 '16 at 16:36