How to prevent users from opening a file on the server?

Question

This question may sound dumb, well indeed it is dumb.
I have some files on my server:
index.html, file.txt
How do i prevent users from opening file.txt with entering this as their url: website.domain/file.txt ? Is this possible easily, or do i have to make some special folders or other dark magic? Thanks

Answer 1

The simple solution is to store the file outside the public folder. (In your case public = htdocs)

For example:

├── protected.txt
├── public
│   ├── index.html
│   ├── exec.php

And then in your exec.php you can access the file with:

echo file_get_contents(__DIR__ . "/../protected.txt");

---

(Method #2)

Since you mentioned in the comments that you are using XAMPP that means you are running your server on Apache, I can show you a different approach using htaccess.

├── public
│   ├── index.html
│   ├── exec.php
│   ├── protected
│   │   ├── .htaccess
│   │   ├── protected.txt

And then in your .htaccess you write:

deny from all

That will make every file inside protected folder unaccessible via HTTP.

And your exec.php file will look like this:

echo file_get_contents(__DIR__ . "/protected/protected.txt");

Answer 2

You should not leave them in a publicly accessible location on your web server.

You can restrict access to individual files or groups of files in your .htaccess file. This thread has several ways to do it.

Answer 3

There are several different ways to do this, via sessions, or user permissions', or based on whether or not the user is logged in for example..

Reviewing something like this might help you out to get started

https://www.wmtips.com/php/simple-ways-restrict-access-webpages-using.htm

Answer 4

将该文件的权限设置为0 00。这样，您只能通过管理面板打开文件。

Answer 5

Create a .htaccess file there where your index.php is located and write this

<Files *.txt>
Deny from all
</Files>