hello...

i want to protect a file on my server called cache.dat. When i say protect, i mean, allow access to the file by specific php file only, i.e. data.php and deny access to it directly or link to it remotely.

this way, no one can do this, http://www.domain.com/patch/to/cache.dat and download it and see whats on it...

how can i do this in php/.htaccess ?

Easiest way is to put the file outside of the websites main directory and have the php page read it from there.

Yeah, like Premier said, the easiest fix is to simply put it in the directory above public_html. But I'm sure you can edit .htaccess or do a number of other things to keep it secured.

But I'm sure you can edit .htaccess or do a number of other things to keep it secured.

Could you give me an example you'd do this?

Call the file cache.data.php and put the line "<?php exit(0); ?>" as the very first line, then the rest can be anything. This will stop the file being downloaded.

You can also protect the file with .htaccess if you want to learn how to do the .htacess magic neded (lots of Googlable examples available).

Or, you can do what someone else suggested, and move the file outside of your web root - that is, above the public_html hierarchy.

i tried your method, where you use <?php exit(0); ?>. Welll, the contents of the file didnt get downloaded when accessed directly. At the same time, the contents of the file werent able to be used inside my php scripts... :(

You would need to alter your php scripts to make sure they are reading the new file name, and also to ignore the extra info.

If you cant do this, then perhaps moving it outside the document root as suggested earlier would be easier.

What Ken said :) Get the script to skip the first line, should be as simple as a line or two code change. If it's a binary file and you can't, move it outside the doc root as suggested above.

There are three easy options available:

1) Continue on your current path: call the script "cache.dat.php". From whichever scripts the cache will be included from, set a variable to "1" (call it $run in this example, $run = 1;). In the cache file, make an if statement to check whether the file has been included, or has been directly accessed if (!isset($run)) { exit; }

2) As suggested, move the file out of the document root.

3) Put the "cache" file in a seperate directory/folder, and make a .htaccess file inside the directory. Inside the .htaccess file, enter the text: deny from all

#2 will be more than enough. #1 gives you no added security whatsoever, and #3 isnt necessary when #2 is so easy to do.

#1 gives you no added security whatsoever
Although I agree that #2 is an easy option, I don't understand why you would say #1 gives no added security? Maybe you misread my example.

What I mean is.. doing #2 makes doing #1 pointless - if the dat file is outside of the webroot, there is no point to complicating it with needless php code - the web server cant see it anyway.

The other way someone could mess with it is if they had a shell account on the box, in which case a bit of php code aint going to stop them from messing with it. In that case, once again directory permissions / ownership comes into play.

What I mean is.. doing #2 makes doing #1 pointless - if the dat file is outside of the webroot, there is no point to complicating it with needless php code - the web server cant see it anyway.
Oh, Sorry I see what you mean. I was only listing those examples as alternatives to each other, not as a three part solution.