Protecting a *.doc with htaccess

finsklapphundkl · 12-20-2004, 03:08 PM

Hello

At my webhost Ive made a folder containing some *.xls and *.doc
These files is supposed to be accessed only by me and a few others.

Ive placed a htaccess-file in the folder. The folder itselves is protected, and so is som html-files. But!!! if i type the url to the *.doc directly in my webbrowser, the *.doc opens......

Why?

Thanks in advance!
Rug

finsklapphundkl · 12-22-2004, 08:57 AM

Not much help here......

(

But I solved the problem:
I made a new folder under the documentfolder,
(Like http://www.myhomepage.com/documents/members/members.doc), but lets the htaccess-file stay in the documentsfolder.

In this way the folder members gets protected, and hence the members.doc

Rug

Spookster · 12-26-2004, 05:50 PM

The easiest way would have been to place your files above your root web directory making it non-accessible to the public.

finsklapphundkl · 01-07-2005, 10:33 AM

But I try to have as few files ad possible in the root. My page is growing, and if I dont watch out, I might loose my "overview" of what files belonging where.....

)

Spookster · 01-07-2005, 02:50 PM

Quote:

Originally Posted by finsklapphundkl

But I try to have as few files ad possible in the root. My page is growing, and if I dont watch out, I might loose my "overview" of what files belonging where.....

)

It is common practice to place any files you don't want accessible to the public that need to be accessible for site functionality in a non-web-accessible directory. Thus you create a directory just above the public_html, www, etc whatever the root web directory is being used for your server. This makes the files non-accessible to the public but still makes them accessible to the site using relative paths. That is how you would do it if you were using .htaccess and needed to use a .htpasswd file. The .htpasswd file obviously needs to be in a non-web-accessible directory but yet still be accessible to the .htaccess file. Same goes with include files for various different web based scripting languages. You would place the include directory above your web root directory.

Edit: I just reread your original post again. I didn't notice you said you wanted it to be accessible to other members. In that case then it would be best to place the files in a web accessible directory and just use a .htaccess file in combination with a .htpasswd file and just give each of the members a login to access the directory. If you were able to type the URL directly and still access the file then that means your .htaccess and/or .htpasswd was not setup correctly.