How to prevent direct access to the files with CodeIgniter
Question
How can prevent direct access to the files like the folders/files in application?
I see in application folder are files .htaccess and index.html that include:
.htaccess
<IfModule authz_core_module>
Require all denied
</IfModule>
<IfModule !authz_core_module>
Deny from all
</IfModule>
index.html
<!DOCTYPE html>
<html>
<head>
<title>403 Forbidden</title>
</head>
<body>
<p>Directory access is forbidden.</p>
</body>
</html>
i create a new folder in a root project directory with name: Customers where will be stored customers PDF files. I paste both files .htaccess and index.html from application to Customers but the PDF files are still able to direct access.
How to make them like application folder files to be able to access only the system?
2 answers
solution1
1 ACCPTED 2020-04-14 09:58:28
some how this way is working.
Inside the Customers folder i put .htaccess like this one (replace domain with your) and will prevent direct access to files but will allowed access from the system
RewriteCond %{REQUEST_FILENAME} ^.*(pdf|)$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?domain\.com/ [NC]
RewriteRule . - [R=403,L]
solution2
0 2020-04-14 07:08:33
The best practice would be to store them outside of your public folder.
To request these files you could use the answer given in another topic: how to access documents(.pdf.doc etc) which are stored outside of the root folder
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.