Prevent user from accessing the uploaded file

360 views Asked by At

I have a module which enable user to upload photos to a certain path like

domain/media/img/uploadedFiles/

I would like to user can upload photo to this location but he cannot reach the uploaded photo by writing

domain.com/media/img/uploadedFiles/filename

I have achieved not to list the files in that path by using .htaccess file but If user knows the name of the uploaded file he can still reach that file.

Thanks

1

There are 1 answers

0
Jason Grimes On BEST ANSWER

Assuming you're using Apache, you can block access to files in .htaccess too. For example:

<Files private.html>
  Order allow,deny
  Deny from all
</Files>

To prevent users from accessing any files in the directory, try putting an .htaccess file containing this inside the directory, which sets the default state to deny:

Order Allow,Deny

For more examples of specifying what resources you want to protect, see http://httpd.apache.org/docs/2.2/sections.html

See http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html for more information on access control with Apache.