tags:

views:

63

answers:

2
Q: 

download page/folder privacy with .htaccess?

I have a private folder on my domain like

http://example.com/protected

and i stored lot of images and pdf file there

 /protected/pad1.pdf
 /protected/pad2.pdf
 /protected/pad1.png
 /protected/pad1.png

supose these are the files, how can i hide or protect access to there files with the help of .htaccess file.

allow only users those who knows the password.

is it possible ???

+5  A: 

Check out Apache's page on Authentication, Authorization and Access Control -- one method would be using Basic or Digest authentication. That would look something like this:

AuthType Digest
AuthName "Private files"
AuthDigestFile /usr/local/apache/passwd/digest
Require user (usernames here)

Of course, you need to generate a password and/or digest file using htdigest or htpasswd as well, but that procedure is explained in the document I linked to.

You  2009-08-08 12:38:57
+1  A: 

Or for zero configuration and zero access:

Order Allow, Deny
Deny From All

=)

Alix Axel  2009-08-08 12:42:59
-1. As you said, zero access.
You  2009-08-08 12:46:14
He wants to *hide* or protect. Why -1?
Alix Axel  2009-08-08 13:07:13
He said "allow only users those who knows the password" -- implying *someone* needs access to the files.
You  2009-08-08 13:37:49
Don't truncate, it's bad.
Alix Axel  2009-08-08 13:41:58
It's a perfectly valid answer. "Zero access" in this case means zero access through HTTP. You could set up FTP access to the folder to allow downloading of the files - although in that case you'd be better off moving them outside the web root...
DisgruntledGoat  2009-08-13 16:21:49

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security