imagienworld.rf.gd
So I have this file in my htdocs, called “data.json”. The user can just go to imagienworld.rf.gd/data.json to see everything inside. So how do I make it only accessible by serverside (ie. PHP), and when anyone else tries to go to imagienworld.rf.gd/data.json it just says 404 or access denied?
Hi
create an .htaccess file with this content:
Require all denied
this will create 403
But first, you should move that JSON to some subfolder where the .htaccess file will be
because if you put it on root (.htaccess file)
probably some basic things from your website will not work online
if you just want to hide the contents of the folders (but it will be accessible to everyone who knows the path)
then you can use this
# Disable Directory Listings in this Directory and Subdirectories
Options -Indexes
and it is recommended !
and do that by putting the .htaccess file with this content on the root
Hi, thanks for the quick reply. I was reading this stackoverflow answer, php - Only allow script from server to access files - Stack Overflow and I am confused about two things the author said.
,,If you for some reason need one PHP script to execute another via HTTP’’
and
,,If you need JavaScript documents on the client side to not access these files, then this cannot reasonably be done’’
I’m a complete noob at this. What do they mean by PHP script executing another via HTTP? Isn’t everything in a PHP file done via PHP or something? Also, doesn’t doing what the author said deny all access via client side, ie. Javascript? Why does he then say that making Javascript not be able to access the denied files, impossible?
Also, what do you mean by disabling directory listings? Does it hide the directory in ftp or something? Or does it make it invisible to people who want to view the file system of my website?
Lastly, can I just do “Require (specific file) denied” and still put the file I want to hide, inside the root folder?
That’s why I emphasized that the best solution is to put all the files you want to restrict/hide in a subfolder
so you don’t have to think a lot or constantly edit .htaccess file in case you have more files and so on
e.g. if you have a folder named “secret” and in it that .htaccess file (plus files)
whoever tries to come to your domain/secret/ will get a 403 error.
that means if, for example, you have a css folder here
imagienworld.rf.gd/css/
if someone comes to the address of that folder
the server will show him the files that are there
and that behavior is disabled with the code I mentioned.
Don’t be confused by older and newer versions of code for Apache
The server is Apache 2.4+
but in most commands, it also supports older forms for previous versions
so both should work
<Files "log.txt">
Order Allow,Deny
Deny from all
</Files>
VS Apache 2.4
<Files "log.txt">
Require all denied
</Files>
Can you explain to me what the author of the stackoverflow answer I linked in my previous comment meant?
HTTP = site visitors who of course use the http protocol
means they access your website through a browser by asking for the url or following your menu
PHP = serverside
And the author gave additional clarification (link to article) for order : allow and deny
which if you read, you will see that it is not the same which of these do you put first
but I don’t think you need to bother with it when you got all the answers above
So what do they mean when PHP executes another PHP script through HTTP? Shouldn’t that be impossible since HTTP is client sided and PHP is chiefly server sided?
And what do they mean by it being unreasonable for JS documents on the client side to not access files hidden via htaccess? Isn’t that the entire point of hiding files from the client with .htaccess — ie. to make it inaccessible to clientsided JS?
I am so confused here.
He probably means the menu
if you have a file called index.php (home page)
and in it the menu for the about.php page
of course index.php will call the about.php page and display it in the user’s browser
when the user clicks on a button or text link.
That would mean HTTP req !
Javascript is run on the user side
the browser has that in it (uses the user’s CPU, RAM, etc.)
PHP is executed on the server and uses server resources (CPU, RAM, etc.)
php can call other files, create new ones, can also delete them and so on.
HTML code can be seen (by browser or xy…)
while the PHP code cannot be seen, only the generated page by the server, which is then displayed to the visitor.
He corresponds to a specific request from the OP (in the initial question)
so don’t bother with it
he doesn’t talk in general terms or mention some golden rule
And please don’t turn this topic into endless questions because this is a support category
not for educating people in depth or commenting on someone’s post on some website.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.