Ways to Hide Files From Snoopers
There are data files on the server that are not intended to be accessed directly by browsers or robots. But sometimes they can be accessed anyway.
By "accessed directly" I mean the file is obtained directly with a non-web page URL such as https://example.com/datafile.txt (a URL not ending with *.html, *.php, …).
These would be text files that software running on the server creates or maintains. Like log files. Or to-do lists. And, sometimes, files that contain data that is nobody else's business.
It's the "nobody else's business" files that a person may need to hide from snoopers.
There are ways.
The software on your server that creates or maintains the data files that need protecting may require modification to cooperate. I'll mention what may need updating with each method described.
As with all code, test it after it is implemented. You want to make sure it hides your sensitive content as you expect it to.
Hide Entire Directory
Perhaps the easiest method to protect sensitive data files from web snoopers (people or bots) is to create and maintain the data files in a subdirectory that contains no web page files. Then block the entire directory.
The software that creates or maintains the files would need to have the subdirectory location named when specifying the file locations.
To protect all files within a subdirectory from access by browser or bot, put this into the .htaccess file within that very same subdirectory.
deny from all
Software on your server can still access the directory using direct file access — but not by using HTTP or HTTPS, or by using Ajax.
This method can be used for any subdirectory and its subdirectories that have no web pages or software that needs to be accessed with HTTP or HTTPS.
The .htaccess file is a plain text file, named as indicated. It can be used to give the server special directions related to how content is or is not sent to the browser.
There are Various Ways to Protect a Directory. The above, I think, is the simplest.
Hide With .cgi File Name Extension
With this method, the data file pretends to be a CGI script. A browser or bot that requests the file gets an Internal Server Error or other script error message instead of the file content.
If your server can run Perl CGI scripts, you can use this method.
If you are uncertain whether your server can run Perl CGI scripts, make a plain text file with any text, name it testing.cgi, and upload it to your server. Type the URL of testing.cgi into your browser. If you get an Internal Server Error or other script error message, it does. If you see the text content of the file, it does not.
To use this method, the data file to be protected needs to end with .cgi so the server tries to run it as a Perl CGI script.
The software that creates or maintains the data file would need to have the data file's location specified with a .cgi file name extension.
Hide With PHP exit Command
With this method, the data file pretends to be a PHP script (with a .php file name extension). The very first line of the data file is
<?php exit; ?>
A browser or bot that requests the file gets no content at all.
To use this method, the data file to be protected needs to end with .php and the first line of the file needs to be as indicated above. As soon as the server encounters <?php exit; ?>, no other content is sent to the browser or bot.
The software that creates or maintains the data file would need to have the data file's location specified with a .php file name extension and be coded to insert that first line when the data file is created and to otherwise ignore that first line.
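An added example, not from the original article: one way the software that maintains the data file could insert the guard line when the file is created and skip it when reading. The names guarded_append and guarded_read and the temporary file path are hypothetical. Because PHP compiles the whole file before exit runs, the example also escapes any "<?" in the data so the file stays parseable and the response stays empty.

```php
<?php
// Added example: hypothetical helpers for a data file protected by a guard line.
const GUARD = "<?php exit; ?>\n";

function guarded_append(string $path, string $record): void
{
    // 'c+' opens for read/write and creates the file without truncating it.
    $fh = fopen($path, 'c+');
    if ($fh === false) {
        throw new RuntimeException("Cannot open $path");
    }
    try {
        flock($fh, LOCK_EX);                      // serialize concurrent writers
        if (fstat($fh)['size'] === 0) {
            fwrite($fh, GUARD);                   // new file: guard line goes first
        } elseif (fread($fh, strlen(GUARD)) !== GUARD) {
            throw new RuntimeException("$path lacks the guard line; not writing");
        }
        fseek($fh, 0, SEEK_END);
        // One record per line; escape "<?" so data cannot reopen PHP mode.
        $clean = str_replace(["\r", "\n", '<?'], [' ', ' ', '<\\?'], $record);
        fwrite($fh, $clean . "\n");
        fflush($fh);
    } finally {
        flock($fh, LOCK_UN);
        fclose($fh);
    }
}

function guarded_read(string $path): array
{
    $lines = file($path, FILE_IGNORE_NEW_LINES);
    if ($lines === false || ($lines[0] ?? '') !== rtrim(GUARD, "\n")) {
        throw new RuntimeException("$path is missing or lacks the guard line");
    }
    return array_slice($lines, 1);                // ignore the guard line
}

// Constructed demo using a temporary file (path is an assumption).
$file = sys_get_temp_dir() . '/guard-demo-' . getmypid() . '.php';
guarded_append($file, 'first entry');
guarded_append($file, "second entry with <?php echo 'x'; ?> inside");
print_r(guarded_read($file));
unlink($file);
```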
You now have 3 ways to protect plain text files that contain sensitive information from snooping browsers and bots.
This article first appeared with an issue of the Possibilities newsletter.
Will Bontrager