Using PHP/Apache to restrict access to static files (html, css, img, etc)

by

I would consider using a PHP loader to handle authentication and then return the files you need. For example instead of doing <img src="https://stackoverflow.com/questions/2187200/picture.jpg" /> Do something like <img src="https://stackoverflow.com/questions/2187200/load_image.php?image=picture.jpg" />.

Your image loader can verify sessions, check credentials, etc. and then decide whether or not to return the requested file to the browser. This will allow you to store all of your secure files outside of the web accessible root so nobody is going to just WGET them or browse there ‘accidentally’.

Just remember to return the right headers in PHP and do something like readfile() in php and that will return the file contents to the browser.

I have used this very setup on several large scale secure website and it works like a charm.

Edit: The system I am currently building uses this method to load Javascript, Images, and Video but CSS we aren’t very worried with securing.

More Related Contents:

  1. Using .htaccess to make all .html pages to run as .php files?
  2. deny direct access to a folder and file by htaccess
  3. Server not parsing .html as PHP
  4. Seo Friendly URL results in CSS IMG and JS not working
  5. Htaccess: add/remove trailing slash from URL
  6. URL rewriting : css, js, and images not loading
  7. Disable PHP in directory (including all sub-directories) with .htaccess
  8. PHP $_SERVER[‘HTTP_HOST’] vs. $_SERVER[‘SERVER_NAME’], am I understanding the man pages correctly?
  9. No input file specified
  10. Pretty URLs with .htaccess
  11. In a PHP / Apache / Linux context, why exactly is chmod 777 dangerous?
  12. enable cors in .htaccess
  13. Yii2 htaccess – How to hide frontend/web and backend/web COMPLETELY
  14. Is it possible to redirect post data?
  15. How can I relax PHP’s open_basedir restriction?
  16. .htaccess issues: No input file specified
  17. How can I use .htaccess to hide .php URL extensions?
  18. Leverage browser caching for 3rd party JS
  19. Request Entity Too Large PHP
  20. Directory index forbidden by Options directive
  21. Changing the root folder via .htaccess
  22. Set an environment variable in .htaccess and retrieve it in PHP
  23. How to enable gzip?
  24. Deny ajax file access using htaccess
  25. How to create clean url using .htaccess
  26. Permission denied: /var/www/abc/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable?
  27. How can I disable mod_security in .htaccess file?
  28. Request exceeded the limit of 10 internal redirects
  29. .htaccess Redirect non-WWW to WWW preserving URI string
  30. .htaccess – Redirect subdomain to folder

Leave a Comment