2

This question may sound dumb, well indeed it is dumb.
I have some files on my server:
index.html, file.txt
How do i prevent users from opening file.txt with entering this as their url: website.domain/file.txt? Is this possible easily, or do i have to make some special folders or other dark magic? Thanks

  • Put the file below the site root or configure htaccess to disallow access. – MonkeyZeus Jun 01 '18 at 17:08
  • Generally don't put those files inside the `public` folder. You can also prevent access using `htaccess` for Apache or editing the nginx.conf for Nginx – HTMHell Jun 01 '18 at 17:12
  • Ummmmm, assuming that `index.html` is masquerading as a file processed by PHP then nothing is stopping PHP from accessing the file unless your file permissions disallow it – MonkeyZeus Jun 01 '18 at 17:14
  • I'm sorry, what's a public folder? How to make a folder that is not public? –  Jun 01 '18 at 17:14
  • The the folder of `index.html` is probably the public folder. You should store your file one level above. For example, if my index file path looks like this: `.../somefolder/public_html/index.html`, then you should store your file in `.../somefolder/file.txt` – HTMHell Jun 01 '18 at 17:16
  • Ok but how is that protecting it? You still can add /somefolder/file.txt at the end and it will be the same –  Jun 01 '18 at 17:20
  • @DatProgrammer No, you store the file one level ABOVE the public folder, look at my example. Can you look at your server via FTP or whatever you are using and tell me the full path to your `index.html` file? – HTMHell Jun 01 '18 at 17:21
  • umm i'm using XAMPP for practice as for now, so i have to create a folder, make another folder inside of it, put the index.html file in it, come back to the first folder and put my files in there? How would i be able to open the files with php file then? –  Jun 01 '18 at 17:23
  • You got it wrong, you should NOT add the `somefolder`, this folder is basicly the parent of your public folder. Since you are using XAMPP then I assume your file path is `.../xampp/htdocs/index.html`, then put your protected file like this: `.../xampp/file.txt` – HTMHell Jun 01 '18 at 17:33
  • @DatProgrammer I posted an answer to make it more clear, take a look – HTMHell Jun 01 '18 at 17:46

5 Answers5

3

The simple solution is to store the file outside the public folder. (In your case public = htdocs)

For example:

├── protected.txt
├── public
│   ├── index.html
│   ├── exec.php

And then in your exec.php you can access the file with:

echo file_get_contents(__DIR__ . "/../protected.txt");

(Method #2)

Since you mentioned in the comments that you are using XAMPP that means you are running your server on Apache, I can show you a different approach using htaccess.

├── public
│   ├── index.html
│   ├── exec.php
│   ├── protected
│   │   ├── .htaccess
│   │   ├── protected.txt

And then in your .htaccess you write:

deny from all

That will make every file inside protected folder unaccessible via HTTP.

And your exec.php file will look like this:

echo file_get_contents(__DIR__ . "/protected/protected.txt");
HTMHell
  • 5,761
  • 5
  • 37
  • 79
0

You should not leave them in a publicly accessible location on your web server.

You can restrict access to individual files or groups of files in your .htaccess file. This thread has several ways to do it.

Mr Glass
  • 1,186
  • 1
  • 6
  • 14
0

There are several different ways to do this, via sessions, or user permissions', or based on whether or not the user is logged in for example..

Reviewing something like this might help you out to get started

https://www.wmtips.com/php/simple-ways-restrict-access-webpages-using.htm

Paddy Popeye
  • 1,634
  • 1
  • 16
  • 29
0

Set the permission for the file to 0 0 0. That way You can only open the file via Admin Panel.

tux
  • 1
  • 1
  • Will i be able to open the file with php if i do that? –  Jun 01 '18 at 17:13
  • No. Setting the permission to 0 0 0 will prevent PHP from accessing it. Using .htaccess to restrict direct access to the file will allow you to read/update the file via PHP – Mr Glass Jun 01 '18 at 17:20
0

Create a .htaccess file there where your index.php is located and write this

<Files *.txt>
Deny from all
</Files>
sanvssan
  • 34
  • 3