php - How do i make folder on server secure?

476

I'm creating a website on my local computer and have no database system.

For each user entering the page, i create a text file with their IP adress as the name. So when i go on the website when it's hosted on my computer, a PHP script creates a file hits/127.0.0.1.txt.

The file contains some sensitive information, and i dont want anything else then my PHP scripts to access the files.

When i write 'localhost/mysite/hits/' i can access all the text files and information. I'd like to prevent this so people wont be able to see this when i publish the site

How can i do this?

And by the way, I create this file to use it to count visitors and see when i get most visitors.

Answer

Solution:

It is depending on your Webserver

Apache:

You need to insert in the directory a.htaccess file, with contentdeny from all

https://stackoverflow.com/a/9282193/2441442

IIS:

You need a Fileweb.config to configure Request Filtering:

<configuration>
   <system.webServer>
       <security>
          <requestFiltering>
               <hiddenSegments>
                   <add segment="My_Directory" />
               </hiddenSegments>
           </requestFiltering>
       </security>
   </system.webServer>
</configuration>

https://stackoverflow.com/a/4038572/2441442

Nginx:

You write in your Configuration:

location ~ /(dir1|dir2|dir3) {
   deny all;
   return 404;
}

Because of the background of Nginx (Performance) you need to restart the server. The config is only one time loaded.

https://serverfault.com/a/232706/220399

For all other

http://bit.ly/1ktwZHG

207

Answer

Solution:

You can try and create an .htaccess file in the folder and deny all in the .htaccess script

People are also looking for solutions to the problem: php - Stop insert of first row from CSV

Source

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question