Accessing Files One Way But Not Directly

Chris77 · August 13, 2012, 3:34pm

Sitepoint Members,
Is there a way to use a file for the making of a webpage but even if the address of that file is known the file can not be accessed directly using a browser?

Thanks,

Chris

logic_earth · August 13, 2012, 4:03pm

Eh? What do you mean “for the making of a webpage”?

rpkamp · August 13, 2012, 7:48pm

Which language are we talking here? PHP? Something else?

Chris77 · August 13, 2012, 8:26pm

Assembling of a webpage, since most web pages are a collage of different parts (files).

html, php

ralphm · August 14, 2012, 12:05am

Sounds like you want to use “PHP includes”. That is, you have content in various files, which are pulled into a page via little bits of PHP. I’m sure you could deny access to those include files to prevent someone navigating directly to them. But you can also just put them somewhere where no one is likely to find them, as you can’t see them from the source code itself.

Chris77 · August 14, 2012, 4:55pm

I though maybe
<Files .htaccess|example.jpg>
deny from all
</Files>

would work in that pages using example.jpg would show example.jpg and if you went to the file example.jpg directly via a browser then the browser wouldn’t bring the file up. But the htaccess code above doesn’t stop a visitor from viewing a file directly.

oddz · August 14, 2012, 6:14pm

The simplest method is to place the files outside of the site root. If the files you are referring to are including server-side that will do. If they are some type of media file with user authentication requirements for access than a script/access point needs to be created to indirectly serve them up.

rpkamp · August 14, 2012, 6:17pm

The only way there is to prevent image access directly that I know of (aside from having to log in) is to check the HTTP Referer [sic]. Even though this methods isn’t waterproof, most people deem it “good enough”.
The easiest way is to check in your .htaccess file:


RewriteEngine On
RewriteCond %HTTP_REFERER} !^http://www\\.example\\.com/ [NC]
RewriteRule \\.jpg$ - [F]

This will show a 403 forbidden if you access a .jpg directly, but the image will work fine when used on a website on your own domain (here, [noparse]www.example.com[/noparse]).

If you want more info you can google for “prevent hotlinking apache”

Chris77 · August 14, 2012, 9:21pm

I’m aware of hotlinking but didn’t think of visiting and linking as the same but standing in the shoes of the site being visited/linked to, they’re exactly the same. I’ll use the code you gave me. I have my css in an includes file because it takes so long for folders top open (on a shared server). The site loads a lot faster this way, but it reveals addresses to the images I use on every page. Someone recreated one of my pages and put it on someone else’s site, this should stop them from using the images - along with the other htaccess code Options -Indexes.

Thanks ScallioXTX,

Chris