Denying web viewers access to a folder but still allowing the server access?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • ukballer1012
    New Member
    • Jul 2012
    • 1
    #1

    Denying web viewers access to a folder but still allowing the server access?

    I just started learning apache yesterday and I couldn't find this on the internet anywhere so bear with me. I have a folder called "images" which contains all the images my site uses. I would like to deny web viewers access to the specific folder (to where they can't access the url but can still see elements on my webpages that use those images). I want to set it up using a directory directive but I don't know how. This is how I have it set up currently:


    <Directory "/var/www/html/images">
    Order allow,deny
    Deny from all
    Allow from localhost
    </Directory>

    Pointing me to a guide that also shows a solution would be appreciated.
    Tags: None
    • Luuk
      Recognized Expert Top Contributor
      • Mar 2012
      • 1043
      #2
      I think that's not possible with some config option in apache.

      However, you could create a i.e. PHP-script which is able to read outside the webroot, and make it return the image.

      something like (untested):
      Code:
      <?php
$name=$_GET["name"];
header('Content-type: image/jpeg');
echo file_get_contents($name);
}
?>
      When you call this like:
      Example Domain
      http://www.example.com/image.php?name=/images/1.jpg

      it should show the image which is stored in /images/1.jpg
      (if PHP has enough access to read it.)

      But, be aware that this will always read every file, not just jpg-files, you should add the needed checks,
      Because:
      Example Domain
      http://www.example.com/image.php?name=/etc/passwd

      will return your password file ;)
      Last edited by Luuk; Jul 15 '12, 05:48 PM. Reason: typo cleared

        Comment

        Previous template Next
        Working...