6 Replies - 526 Views - Last Post: 30 January 2018 - 10:37 AM

#1 JeremyBenson11   User is offline

  • D.I.C Regular

Reputation: 2
  • View blog
  • Posts: 274
  • Joined: 10-January 14

File Security

Posted 27 January 2018 - 02:32 PM

I know this may have been asked, but is there a way to protect files inside web root? I'm working with a media player from codecanyon, audio waveform player, and it seems to expect files inside the media folder. I can't play files outside root, tried a couple of times.

I understand serving files as downloads outside web root for protection, but is there a way to protect files inside the web root from unwarranted downloads, while still being able to force a download with headers?

Thanks,
Jeremy.

Is This A Good Question/Topic? 0
  • +

Replies To: File Security

#2 Martyr2   User is offline

  • Programming Theoretician
  • member icon

Reputation: 5332
  • View blog
  • Posts: 14,207
  • Joined: 18-April 07

Re: File Security

Posted 27 January 2018 - 08:34 PM

Yes, you can setup an .htaccess file where you "deny from all". Just do a search online for .htaccess and deny from all to learn how these work. It is pretty straight forward. :)
Was This Post Helpful? 0
  • +
  • -

#3 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 2705
  • View blog
  • Posts: 10,802
  • Joined: 03-December 12

Re: File Security

Posted 27 January 2018 - 09:26 PM

I'm confused on what issues you've had with the out side of the public directory. Can you expand on that?
Was This Post Helpful? 0
  • +
  • -

#4 Radius Nightly   User is offline

  • D.I.C Regular

Reputation: 39
  • View blog
  • Posts: 305
  • Joined: 07-May 15

Re: File Security

Posted 27 January 2018 - 09:44 PM

For Nginx im using this to block all before root:
     server {
            location ~ ^/ {
                          deny all;
                          return 401;
                          }
            }

And this for site/folder/subfolders i want to block access (its accessible via PHP under special circumstances); "storage" is a folder name in this site root:
       location ~ /storage.* {
                             deny all;
                             return 404;
                             }

Was This Post Helpful? 1
  • +
  • -

#5 ArtificialSoldier   User is online

  • D.I.C Lover
  • member icon

Reputation: 2206
  • View blog
  • Posts: 6,663
  • Joined: 15-January 14

Re: File Security

Posted 29 January 2018 - 11:40 AM

If you can define what exactly makes an "unwarranted download" where the server can tell the difference between that and a legitimate request, then you can probably block things that don't fit your criteria.
Was This Post Helpful? 1
  • +
  • -

#6 no2pencil   User is offline

  • Professor Snuggly Pants
  • member icon

Reputation: 6726
  • View blog
  • Posts: 31,134
  • Joined: 10-May 07

Re: File Security

Posted 29 January 2018 - 11:47 AM

I don't see how this is a web development question, this is discussion about security of a webserver.

Moving to Web Servers & Hosting.

& yes, this gets asked all the time.
Was This Post Helpful? 0
  • +
  • -

#7 ArtificialSoldier   User is online

  • D.I.C Lover
  • member icon

Reputation: 2206
  • View blog
  • Posts: 6,663
  • Joined: 15-January 14

Re: File Security

Posted 30 January 2018 - 10:37 AM

Quote

& yes, this gets asked all the time.

I don't know how many customers have told me that they want to put something online, but don't want people to be able to download it. I'm not sure what's going on in their heads or what they think the point of putting something online is, but the job of a web server is to deliver stuff to anyone who asks for it. If you really don't want people to be able to download something, the easy solution is to not put it online.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1