Hi to all,
Please, some help over here. I�ll try to be as much clear I can.
In summary my problem is:
I have a PHP application installed in a folder of my domain that reads CSV.txt files from
another folder in my domain and I need to restrict direct access to see and download these CSV.txt
files for all users through web browsers, except for the PHP application.
In more detail the scenario is:
- I have mydomain.com working with a CMS normally.
- I created a folder within mydomain.com-->mydomain/myfolder/
- Whithin this folder I installed a PHP application that runs independently of the CMS
application installed in mydomain.com - This PHP application installed in mydomain/myfolder/ get products from CSV files to load into a MySQL DB.
- This products are stored in /public_html/products-to-show/recents/
- The PHP application runs a cron link to refresh the products data base.
- The refresh link used by cron job is the URL of the folder /public_html/products-to-show/recents/ in this case is
http://www.mydomain.com/products-to-show/recents/ (and can be accessed by any user) - The link used by cron must be a URL because If I use a folder outside public_html, (e.g. /public_ftp/products/) I can`t
say to the PHP application how to reach that path.
If I restrict privileges from folder with user and password, I receive a fopen() error in my
PHP application execution, and for my little knowledge of PHP is very dificult for me to modify
any file of the PHP application without affecting the normal behaviour of the script.
I`ve tried putting a .htacces file within /public_html/products-to-show/recents/ containing the following
lines of code.
/public_html/products-to-show/recents/.htaccess
# Restricting access to users
#Order allow,deny
#deny from all
This .htacces effectively restricts direct URL access for all users through web browsers showing a 403 error (nice!),
but it restricting the access to my PHP appliaction either (too bad) when I expected the opposite because is an access
from the same IP and the same domain where my PHP application resides.
May please someone help me out to solve this issue I have?
Any help would be very appreciated.
Best regards.
---------- Post updated 10-11-10 at 12:45 AM ---------- Previous update was 09-11-10 at 01:28 AM ----------
Well, I come back answer my own question :D, after searching and searching with a really easy solution, I was only needing to add one more line of code in .htaccess file.
#Deny access for all users (all IPs), except the same domain IP
Order allow,deny
deny from all
allow from xxx.xxx.xxx.xxx
ErrorDocument 403 /403.html
Looks very easy when we know what we have to do. After viewing some .htacccess programming, I get with the solution I was looking for.
Thanks.
Best regards.