LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page web server files need protection from being browsed
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-20-2009, 04:25 PM   #1
frieza
Senior Member
Contributing Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233

Rep: Reputation: 406Reputation: 406Reputation: 406Reputation: 406Reputation: 406
web server files need protection from being browsed

i'm hosting a LAMP server that has confidential data, the short of the problem is how can i secure the files so that only the php scripts can read the data in the files but not allow users to open the data files in the browser?
 
Old 01-21-2009, 01:03 AM   #2
rylan76
Senior Member
 
Registered: Apr 2004
Location: Potchefstroom, South Africa
Distribution: Fedora 17 - 3.3.4-5.fc17.x86_64
Posts: 1,552

Rep: Reputation: 103Reputation: 103
You should be able to setup a .htaccess file that will restrict the files from being viewed by the Apache user, but you should be able to access them with PHP directly. The Apache docs might be a good place to take a look, search under ".htaccess format" or some similar string.
 
Old 01-21-2009, 02:48 AM   #3
tanveer
Member
 
Registered: Feb 2004
Location: e@rth
Distribution: RHEL-3/4/5,Gloria,opensolaris
Posts: 525

Rep: Reputation: 39
Does your problem is like users can browse the content all the docs like a ftp?

To stop this just remove the Indexes option from httpd.conf which I think you already know.

And I don't know if this is possible with .htaccess to restrict users from reading docs, I am also interested.
 
Old 01-21-2009, 09:29 AM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by frieza
how can i secure the files so that only the php scripts can read the data in the files but not allow users to open the data files in the browser?
Example (denying access to .dat files and .doc files):
Code:
<FilesMatch "(.dat$|.doc$)">
    Order Allow,Deny
    Deny from all
</FilesMatch>
See: http://httpd.apache.org/docs/2.0/mod...tml#filesmatch
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
CentOS Web Server - Where to Keep Website Files Ascendancy5 Linux - Server 5 11-21-2008 12:39 PM
DVD and CD players can no longer be browsed of files (cd / ls -l don't work either) nix-newb Linux - General 7 09-09-2006 05:53 AM
LXer: Backup MySQL databases, web server files to a FTP server automatically LXer Syndicated Linux News 0 08-11-2006 09:54 PM
Same permissions on two files, but only one can be accessed by web server? murr4y Linux - Software 5 06-14-2005 02:59 AM
Getting files off web server itgl72 Linux - Newbie 5 08-11-2003 07:59 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:19 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration