In the process of moving an application from ColdFusion to PHP, I have a ColdFusion server running on CentoOS using apache. Despite a correct robots.txt disallowing the indexing of my application it has come attention that some files from the clients were indexed.
I need to know how to set up apache to only allow access to file from the server itself and NOT allow anyone to access the files from the inter-google. SO if you were to click the link it would deny access, but if you were to attempt to download it from the application itself (using a download script) it would allow it to download. Is it possible and how?
LOVE that the search engine ignored my robots.txt. Thanks!
Related
Is it possible to configure Apache to support CRUD operations on file resources? GET works out of the box, how can you make PUT and DELETE work?
I would need to upload a file by HTML form and/or XMLHttpRequest2.
No PHP. No CGI. Just plain Apache by configuration.
Is this supported in other web servers? I'm trying to find a static REST interface for file resource management without CGI/PHP/Connector/Reverse Proxy/FTP server.
Wamp is installed on a local server.
How can i prohibit the users from opening
http://<server-ip>:<port-no>/index.php
but i should be able to log into the server and open the index.php
basically, i am trying to restrict the users to see the list of deployed apps on the wamp.
Use either a .htaccess file or modify your apache configuration to deny users access, only allowing your own IP address (probably 127.0.0.1).
See this page for a good starting guide: http://www.htaccess-guide.com/deny-visitors-by-ip-address/
I'm building a Mp3 store with Drupal and Ubercart. I would like to implement the best security measures to proctect the content from hackers etc. I have a file directory with .htaccess file
Contents of the .htaccess file
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
Deny from all
Options None
Options +FollowSymLinks
Is this enough or should the mp3 files be stored outside of the webroot?
Does VPS Hosting provide better security than shared hosting?
It appears that you have set file system to Private and files will be transferred via Drupal.
From my experience, it works and it's almost secure, unless:
A third party can access your server via FTP or a higher protocol.
A user can gain access to execute PHP.
Make sure that, if you have IMCE or other file browser module enabled, these secured folders are not allowed to access.
Whatever plan you have, hosting company has access to your files. But usually, a correctly configured can be more secure than a shared host because you can use private temporary folders, and you can have more control over who can access your server and banning bad guys.
(LAMP server configuration)
As a workaround for another problem, I need PHP to be able to access local files, but prevent these files from being served over http by Apache.
Normally, I would just use .htaccess to accomplish this, however due to institutional restrictions, I cannot. I also can't touch php.ini, although I can use php_ini_set within php.
As a creative solution, I thought that if php executes as its own linux user (not as apache) I could use normal chown's and chmod's to accomplish this.
Again, the goal is simply to have a directory of files that apache will not display, but php can access.
I'm open to any suggestions.
Put the files outside of your web accessible root (DocumentRoot), but keep them accessible via PHP.
Suggestion:
/sites
/sites/my.site.com
/sites/my.site.com/data // <-- data goes here
/sites/my.site.com/web // <-- web root is here
Here's a thought. Set the permissions on the files to be inaccessible to even the owner, then when PHP needs them, chmod() then, read them, then chmod() them back to inaccessible.
I have a directory on my website specifically for javascript files, I want these javascript files to be hidden, so if I type the url to it it says Forbidden or disallows access, but my front-end website files can still access them to execute them when needed. Is there a way to do this through a FTP client?
Cheers,
Dan
You can't do this trough a ftp client. It is the task of your webserver to forbid access to certain files.
If you change permission, the webserver won't have access to them anymore, so this is not the way to go.
You must configure your webserver to restrict the access. If you're using Apache, you can use an .htaccess file. There's different ways of doing this, many depends on the way the webserver is configured.
The easiest is to put an .htaccess file in your Scripts folder which contain only this none line :
deny from all
However, like peeter said, there's a good chance this will break your site, since the browser must access theses files, so you can't restrict access.
Put a htaccess file in your scripts folder containing deny from all, but this will stop your pages from accessing the scripts also (though not if you pass them through the PHP engine first)
You're trying to hide JavaScript files that are executed on the clients side. If a client(browser) cannot access the files means non of your javascript code is executed.
If I understood your question correctly then you cannot achieve what you're trying to achieve.