Software, your way.
burger menu icon
WillMaster

WillMaster > LibrarySecurity and Blocking

FREE! Coding tips, tricks, and treasures.

Possibilities weekly ezine

Get the weekly email website developers read:

 

Your email address

name@example.com
YES! Send Possibilities every week!

Directory Security

There are levels or types of directory security, preventing content from being displayed in browsers or provided to robots/spiders that are not authorized to view or have the content.

  1. Securing a web page within a directory. A cookie is required. The cookie would be acquired by the browser through a log-in mechanism.

  2. Securing all files within a directory. A cookie is required. The cookie would be acquired by the browser through a log-in mechanism.

"Browser" in this article applies also to robots and spiders. The first two items on the list require the browser to present a cookie. The last item applies to all browsers, whether or not they present a cookie.

Setting a cookie is fairly simple. I'll show a simple way in a moment.

When a website needs a directory or pages within a directory restricted to only certain people, a log-in system is generally already in place. To use either of the first two items in the above list, the name of the cookie set by the login system must be known.

To determine the name of the log-in cookie (when it can't be determined by reading the software manual or the software code), log in and then see what the name of the cookie is. (In Firefox, use Preferences | Privacy | Show Cookies.)

How to set a cookie

To set a cookie, for testing or other reason, make a PHP web page containing only this line. Customization note below.

<?php setcookie("**********","value",0,"/"); ?>

Customization note: Replace ********** with the name of the cookie to set.

Save the file with a .php filename extension, perhaps setacookie.php, upload it to the server and type its URL into a browser. When the page has loaded, the cookie is set (provided your browser accepts cookies).

More elaborate methods of setting cookies, and reading cookies are at these two articles:

Securing a web page within a directory

Any PHP web page can be secured by putting the following code at the very top of the file, no space or blank lines above it. Customization note below.

<?php
if( empty($_COOKIE["**********"]) )
{
   header("Location: __________");
   exit;
}
?>

Customization note: Replace ********** with the name of the cookie to require for accessing the directory. And replace __________ with the URL of the page to redirect to if the browser does not present a cookie with the correct name.

Securing all files within a directory

Security from browsers obtaining any files at all in the directory without first logging in can be done with the following code in the .htaccess file of the directory to be protected. Customization note below.

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_COOKIE} !**********= [NC]
RewriteRule .* __________ [L]

Customization note: Replace ********** with the name of the cookie to require for accessing the directory. And replace __________ with the URL of the page to redirect to if the browser does not present a cookie with the correct name.

The directory security methods presented in this article are effective and can be implemented on most servers. (Microsoft IIS can't use the .htaccess file method.)

Use the method that provides the desired security.

Will Bontrager

Was this article helpful to you?
(anonymous form)

Support This Website

Some of our support is from people like you who see the value of all that's offered for FREE at this website.

"Yes, let me contribute."

Amount (USD):

Tap to Choose
Contribution
Method

All information in WillMaster Library articles is presented AS-IS.

We only suggest and recommend what we believe is of value. As remuneration for the time and research involved to provide quality links, we generally use affiliate links when we can. Whenever we link to something not our own, you should assume they are affiliate links or that we benefit in some way.

How Can We Help You? balloons
How Can We Help You?
bullet Custom Programming
bullet Ready-Made Software
bullet Technical Support
bullet Possibilities Newsletter
bullet Website "How-To" Info
bullet Useful Information List

© 1998-2001 William and Mari Bontrager
© 2001-2011 Bontrager Connection, LLC
© 2011-2024 Will Bontrager Software LLC