Restricting Directory access from web application context

Question

i have a web application which stores users file in directory which is under webroot directory..

Suppose web application is under 'fileupload' and all files are getting stored in 'xyz' folder under 'fileupload' so now if user points to url say like

www.xyzpqr.com/fileupload/xyz/abc.doc, he gets that file.

How do i restirct this from happening.. i have thought of putting xyz folder in WeB-inf folder but as my application is very big i have to made changes at too many places.. so is there any way so that without moving the folder to web-inf (restricted folders) i can achieve wat i want..

Answer 1

In many cases, this is something that you can set in the configuration for the webserver your files are stored on. You can require passwords for directory access, or restrict things even further than that. It will vary by implementation exactly what configuration file you need to look at, but some common ones are http.conf and .htaccess

If you're unsure, it's probably worth it to contact your hosting company and/or network admin.

Answer 2

Hi if you are using Apache web server you can protect a directory by password. But you need to be able to edit/create .htaccess file. Here's the solution for WAMP server: http://php-mysql.develop.sitefrost.com/PHP/security.php

It is very similar for other platforms. When someone wants to access a protected directory he must first submit username and password.

Answer 3

I would suggest creating a filter which examines every URL to see if the user has access to that particular file and denies the request if not.

This gives you full control.