Protect files with .htaccess from the outside, while still allowing internal access
Question
I created a login page that is processed in PHP, which then allows you to type in an itemID and an image is pulled up.
Structure of the directory is the following: Webroot > (cgi-bin - css - error - images - secure - index.html)
(The ones in parenthesis are in the same directory). cgi-bin has include files, css has css files used for the website. error has files to redirect using .htaccess incase of a 401, 402, 404, 500 error, etc. Secure folder has files that verify the user is logged in before serving content. While the index is the login page.
I'm having a hard time finding information on how to protect my sensitive information from the outside (hotlinking, direct URL, etc), while still allowing my program to use it.
The program is written, and works perfectly, but I can type a direct URL to an image or cgi script and view its content. I tried using .htaccess "deny from all", but this denies access from my internal program also.
how can I block external access to the files, but still allow my php scripts/forms to retrieve the data.
Thanks for your time and help.
1 answers
solution1
0 2012-07-02 01:39:19
2 ideas:
Your program can pass the username and password, like so:
http://username:password@example.com/some_resource
Or if you know the IP address of the machines that you want to allow you can deny from all and allow from a specific IP.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.