Protect your webserver directories using PHP

May 10, 2011

Well, this isn’t an entirely effective protection, but it prevents visitors (or people who intentionally pry too much) from getting an index of files and folders which you don’t want them seeing. For example, you can use this technique to stop an index of files from appearing in your website’s images folder, though it won’t protect against hotlinking, especially if people know the direct links to your images.

In practice, you should combine this method with other ways of protecting your website and its files.

<?php
// Redirect them somewhere...
header('Location: http://mysite.com/go-here.html');
// End the script so nothing else runs after the redirect header is sent.
die('You are not allowed to access this directory.');

Save this PHP code as index.php in the directory you want to protect. The idea is to write your own index file so your webserver doesn’t generate one, and it redirects back to wherever your site is, so it’s a little more friendly than, say, disabling indexes entirely. As a plus, it should work if for some reason you can’t get .htaccess to work. Like I said, combine it with more sophisticated techniques to fully protect your website’s files. 🙂
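To see where an index file is still missing, here is an added example (not part of the original post) that lists every directory under a web root with no index file and can copy a template index.php into each of them. The function names and the INDEX_NAMES list are assumptions; set the list to the index file names your server is configured to serve.

```shell
#!/bin/sh
# Added example: find directories where the webserver would fall back to a
# generated listing because no index file exists, and optionally fill them.
# INDEX_NAMES is an assumption; match it to your server's index setting.
INDEX_NAMES="${INDEX_NAMES:-index.php index.html index.htm}"

# Print every directory at or below $1 that contains none of INDEX_NAMES.
# Directory names containing newlines are not supported.
dirs_without_index() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # find does not follow symlinks by default, so we stay inside the tree.
    find "$root" -type d | sort | while IFS= read -r dir; do
        found=0
        for name in $INDEX_NAMES; do
            if [ -f "$dir/$name" ]; then found=1; break; fi
        done
        [ "$found" -eq 1 ] || printf '%s\n' "$dir"
    done
}

# Copy the template ($1) as index.php into each directory reported above.
# Never overwrites: only directories without any index file are touched.
install_index() {
    template=$1
    root=$2
    [ -f "$template" ] || { echo "missing template: $template" >&2; return 2; }
    dirs_without_index "$root" | while IFS= read -r dir; do
        cp "$template" "$dir/index.php" && printf 'protected %s\n' "$dir"
    done
}
```

Source the file, run dirs_without_index on the web root and review the list before calling install_index, since the web root itself is included if it has no index file.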
