htaccess securing files from being accessed by users
So, I'm sure this question gets asked quite a lot around here, but after a good 20 mins searching, I haven't been able to find any questions that produce the correct result.
I have files, such as /index.php and /dashboard.php which use resource files such as /framework/assets/stylesheets/index.css etc. What I want to do, is block off the access to any files in the /framework/ directory, but still allow usage of them from index.php and the other respective files. How would I configure my .htaccess file to allow me to do this?
I understand that this may not be possible, but is there any way that the directory /framework/ which includes some PHP files to be hidden from users, but still allowed to be accessed via other PHP scripts using include 'file.php'?
Any help would be very appreciated. Thanks.
Since you want to have a css file only available when the specific php script is run you could use a include directive in php and embed this into your other html.
Something like this:
//... <head> <style> <?php include("/framework/assets/stylesheets/index.css"); ?> </style> //... </head> //...
php-files aren't restricted through htaccess and you include it server side and offer only the stuff you want to the client.
<LimitExcept POST> order deny,allow deny from all </LimitExcept>
As stated in the comments to the original question by Magnus Eriksson, to achieve the effect that I wanted to with CSS files, JS files, and other resource files is something that cannot be done, as these files are directly fetched by the HTML, and therefore use http requests.
The PHP files however are able to be protected, by placing a .htaccess file in the /framework/ directory with the content of:
deny from all
To grant access to the resource's in /framework/assets/, All that needed to be done was to add another .htaccess file with allow from all written inside.
Simple answer to a simple question.
Documentation for further use: https://httpd.apache.org/docs/2.2/howto/access.html