Protecting a folder

Question

skliz 0 Unverified User

11 Years Ago

In my project I have a folder called library. the folder contains essential scripts that other php files call from so I am trying to secure this folder so that no body would be able to access the directory from the url.

But I dont know how to do this. The project was built from scratch I did not use any mvc framework.

So I am left to secure myself.

Thanks for reading.

php

7 Contributors
10 Replies
159 Views
1 Day Discussion Span
Latest Post 11 Years Ago Latest Post by diafol

chrishea 182 Nearly a Posting Virtuoso

11 Years Ago

If you are using a Linux server, you can set the access to the folder to 400 to limit it to reading by the system.

Octet 45 Newbie Poster

11 Years Ago

Disable Indexing is also a good step if you're running Apache. This shall throw out a 403 if anyone attempts to access folders.

pritaeas 2,194 ¯\_(ツ)_/¯

11 Years Ago

Disabling Indexing alone does not disable access to the files (assuming they can guess the filenames).

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

skliz 0 Unverified User · Answer 1 · 2013-04-05T16:15:41+00:00

tans alot. How do I disable indexing on apache

Octet 45 Newbie Poster Featured Poster · Answer 2 · 2013-04-05T16:56:16+00:00

You need to edit your host files, in Apache2 it is normally (although not always) found in your sites-enabled folder.

apache2 > sites-enabled > 000-default

Edit this file, and where it says:

<Directory /var/www/>
       Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
 </Directory>

Change this to:

<Directory /var/www/>
       Options FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
 </Directory>

dorco 12 Light Poster · Answer 3 · 2013-04-05T18:14:21+00:00

add this in your htaccess file: Options -Indexes

skliz 0 Unverified User · Answer 4 · 2013-04-05T21:12:22+00:00

would i place the .htaccess in that directory that I want to protect

dorco 12 Light Poster · Answer 5 · 2013-04-06T13:18:59+00:00

@skliz
yes, add the htaccess file to root directory of your project

@pritaeas
yes, that was for disabling indexing, yet still can access to files if they can guess the names...

also here is if you want to disable direct execution of php files

RewriteCond %{THE_REQUEST} (.).php
RewriteRule ^(.).php - [F,L]

cereal 1,524 Nearly a Senior Poster Featured Poster · Answer 6 · 2013-04-06T13:32:17+00:00

Since it's a library directory another solution is to .htaccess:

Order allow,deny
deny from all

this will return 403 Forbidden to any direct web access, but the files will still be available for include(), require() and require_once().

diafol · Answer 7 · 2013-04-06T13:35:51+00:00

One non-Apache way to secure files from direct access would be to apply a CONSTANT in the main file, which all included files must check for in order to run, e.g.

main.php

define("INCLUDED_ALLOWED", true);

include1.php

if(defined("INCLUDED_ALLOWED")){
    //...code...
}else{
    //trigger a 404?
}

Granted, this will not protect files other than included php files, but are you looking for other types of files to protect? It's not as elegant as an apache solution though IMO.