stackoom
  简体   繁体   中英

Apache restricting folder for script access only

 原文  2015-09-13 11:33:36       php/ apache/ .htaccess

Question

I have a folder called data which has .ini files that my scripts access. I've put a .htaccess in the data folder with deny all so that the folder cannot be accessed directly. This way only my scripts on the server can access it.

Is this .htaccess method good enough? i've also tested chmod the folder to 700 which seems to also do exactly the same thing, it denies public access but allows scripts to access the files.

I am wondering if I should just use both methods? or is one method better than the other?

Ideally, I assume it would be better to place the files outside the www folder but I do not have access to that.

1 answers

solution1
 0  2015-09-13 20:24:20

The .htaccess solution will stop requests from a client from reading the files via a web browser or similar: 

deny from all

The advantage of the .htaccess file is that a future developer or admin would see the file and know you had deliberately chosen to protect that code in a well recognised way. This could help avoid issues down the line. For example if the site was copied to a new server.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Apache restricting access to a folder PHP/Apache Deny folder access to user but not to script Restricting access to webpage to administrators only Restricting access to webpage (Google Chrome only) Folder Access Restrictions Apache Will restricting a folder with .htaccess hinder internal server cron job access to a php file within that folder? Configure Apache to serialize access to a script? Restricting access to specific pages Restricting access in Codeigniter Restricting ticket access to user
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM