.htaccess allow from only local files?

Discussion in 'Web Design and Development' started by Macman1993, Mar 13, 2010.

  1. Macman1993 macrumors 6502

    Macman1993

    Joined:
    Nov 23, 2007
    #1
    Ok so I preface this with the statement that I have never written a .htaccess files in my life but I think writing one to do what I need is very simple if you aren't stupid like me ;)

    So I have a script that I'm looking to sell so I obviously need to give a page where the script is active so a buyer can see what they're getting. Obviously I don't want them being able to just type the scripts address and view the contents as that totally defeats the sale as they could then just steal it. I know that the .htaccess file can block public viewing of a file and only allow other files located on my server to use it, but as I said before I have no idea what I'm doing with a .htaccess file. Would anyone here be willing to write this for me, I'm pretty sure it would only be a few lines and I would do it but I really just have no idea what I'm doing. I would really appreciate the help, thanks in advance.
     
  2. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #2
    There's two ways to go.
    1. Store the file in a folder that is already unreachable from the public view. Generally a web host gives you a folder that you have access to and inside that folder there's a html_public, or domain.com folder where your web site files go. You can also have additional folders that are at the same level as that folder that cannot be accessed publicly. Store sensitive files there and you can have a script that pulls them out as needed for a download.
    2. The .htaccess method.
    Code:
    <Files protected.file>
      order deny,allow
      deny from all
    </Files>
     
  3. Macman1993 thread starter macrumors 6502

    Macman1993

    Joined:
    Nov 23, 2007
    #3
    Ok I tried the .htaccess method and the .html file on my server isn't able to access the script so the entire thing doesn't work. I looked into your other idea of putting the script into a folder that people cant access, my host gives me a public_html folder for all my web files and I'm not sure how to access files that aren't inside the public_html folder. This is the file structure

    root/public_html/html-file-that-I-want-to-use-the-script

    root/script.js

    so from inside the public_html folder I don't know how to go back from there and get a file, I cant say mydomain.com/script.js because then it just looks for a file called script.js that is inside the public_html folder. So what I need is some way to access that file thats away from public view or something for the .htaccess file that only allows files on my server to view the script but not outsiders.
     
  4. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #4
    Right, you can't deliver it directly because it's protected now. You need to use a server-side language to fetch it for you, like with PHP.

    PHP:
    // Script destination
    $scriptfile $_SERVER['DOCUMENT_ROOT'] .'/../protected_folder/script.js';
    // Outputs file
    readfile($scriptfile);
     

Share This Page