
How can I prevent direct access to files, like the folders/files in application?

I see that in the application folder there are .htaccess and index.html files that contain:

.htaccess

```
<IfModule authz_core_module>
    Require all denied
</IfModule>
<IfModule !authz_core_module>
    Deny from all
</IfModule>
```

index.html

```
<!DOCTYPE html>
<html>
<head>
    <title>403 Forbidden</title>
</head>
<body>

<p>Directory access is forbidden.</p>

</body>
</html>
```

I created a new folder in the root project directory named Customers, where customers' PDF files will be stored. I pasted both files, .htaccess and index.html, from application into Customers, but the PDF files can still be accessed directly.

How can I make them like the application folder files, so that only the system is able to access them?

Ivan
  • you can find an excellent answer here https://stackoverflow.com/questions/37981011/separate-codeigniter-public-folder/49341042 – Atural Apr 14 '20 at 08:03
  • @sintakonte this is how to separate the system and application folders; I'm looking for how to create a new folder where only the CodeIgniter system can access the files inside – Ivan Apr 14 '20 at 08:40
  • think in that way - if you setup your apache vhost in that way - the application folder is outside the public root - and therefore you can make a folder in your application directory e.g. `application/uploads/customers` which is automatically protected because of your more secure setup – Atural Apr 14 '20 at 08:45
  • @sintakonte my account is limited, it is not like an owner account; I do not have access outside the current project folder. – Ivan Apr 14 '20 at 08:49
  • @sintakonte is there any way to deny access to special folder/files to everyone who is not a logged-in user? – Ivan Apr 14 '20 at 09:13

2 Answers


Somehow this way is working.

Inside the Customers folder I put an .htaccess like this one (replace domain with yours); it will prevent direct access to the files but will allow access from the system.

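```
RewriteEngine On
# The empty alternative in (pdf|) makes this condition match every file name
RewriteCond %{REQUEST_FILENAME} ^.*(pdf|)$
# Return 403 unless the Referer header starts with the site's own URL
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?domain\.com/ [NC]
RewriteRule . - [R=403,L]
```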
Ivan

The best practice would be to store them outside of your public folder.

To request these files you could use the answer given in another topic: how to access documents(.pdf .doc etc) which are stored outside of the root folder
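
An added example (not code from either answer or from CodeIgniter itself) of serving the PDFs through a controller that checks the login session, for the case raised in the comments where the account cannot place files outside the project folder. It assumes CodeIgniter 3, a hypothetical controller named `Customer_files`, a session key `user_id` set by the application's login code, and the files stored under `application/uploads/customers`, which the existing `Require all denied` already covers.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Added example: application/controllers/Customer_files.php (hypothetical name).
class Customer_files extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
    }

    // Handles GET /customer_files/download/<name>.pdf
    public function download($name = '')
    {
        // 'user_id' is an assumed session key written by the login code.
        if (!$this->session->userdata('user_id')) {
            show_error('Login required.', 403);
        }

        // Accept only a bare file name ending in .pdf: no slashes, no "..".
        if (!preg_match('/\A[A-Za-z0-9_-]+\.pdf\z/', $name)) {
            show_404();
        }

        // application/ is denied by its .htaccess, so Apache never serves
        // these files itself; only this controller reads them.
        $dir  = realpath(APPPATH . 'uploads/customers');
        $path = realpath($dir . DIRECTORY_SEPARATOR . $name);

        // realpath() resolves symlinks; the result must still be inside $dir.
        if ($dir === false || $path === false
            || strpos($path, $dir . DIRECTORY_SEPARATOR) !== 0
            || !is_file($path)) {
            show_404();
        }

        header('Content-Type: application/pdf');
        header('Content-Disposition: inline; filename="' . $name . '"');
        header('Content-Length: ' . filesize($path));
        header('X-Content-Type-Options: nosniff');
        readfile($path);
        exit;
    }
}
```

The session check decides access on the server rather than on the `Referer` header, which is set by the client. The controller only checks that a user is logged in, so an application that separates customers would also compare the file's owner with the session user before `readfile()`.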