Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

htaccess

Status
Not open for further replies.
DaneshD

DaneshD

Programmer
Dec 10, 2004
19
SE
Hi,

I am using this lines in .htaccess to protect a access to a file:

<Files something.xml>
order deny,allow
deny from all
</Files>

but when my javascript code tries to open this file it fails to open. It seems that the file is protected for my code on my server. How can I protect a file from users to be able to see content of it on their browser but make free access for my code on the web server?

Thanks in advance for your help,

D.
 
Sort by date Sort by votes
Hi

DaneshD said:
but when my javascript code tries to open this file it fails to open.
Click to expand...
What kind of JavaScript, client-side or server-side ?
DaneshD said:
It seems that the file is protected for my code on my server.
Click to expand...
something.xml will not be served by the web server. The file is still accessible in every other way not controlled by a web server : local file system, network file system, FTP, gopher, telnet, whatever.


Feherke.
 
Upvote 0 Downvote
I meant client side javascript. When I "deny" access to the file by using .htaccess and then try to open it by entering the address " I get "Permission denied message...". That is what I need, but in that case my code will not be able to open it.
 
Upvote 0 Downvote
Hi

Client-side JavaScript can only access the files on server by requesting them. So they would be served by the web server.

The web server can not make a difference between requests. There is absolutely no way to tell if a request was made by the browser itself, or a script running in the browser, or a completely independent software.

Even if the web server could tell with 100% certainty that the request was made by JavaScript, it still can not know if that script was the one downloaded as the HTML document's dependency and if it was not altered in meantime on the client-side.

And even if the web server could tell with 100% certainty that the request was made by your unaltered script, there is no control over the data after sending it to client side. I mean, the visitor can still extract the something.xml file's content from the JavaScript variables.

I understand what you would like to do. But there is no way.

If the JavaScript downloads the XML file with [tt]XMLHttpRequest[/tt] then you can harden abit the visitors job to get the file, but you can not stop them.


Feherke.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Krus1972
  • Locked
  • Question
Rewrite Rule for .htaccess Help
Replies
0
Views
141
Krus1972
Krus1972
tyutghf
  • Locked
  • Question
htaccess password protect website
Replies
1
Views
71
feherke
feherke
gandalf458
  • Locked
  • Question
SEO-friendly URLs and .htaccess
Replies
4
Views
144
ChrisHirst
ChrisHirst
RWunder
  • Locked
  • Question
Using .htaccess to control http and https
Replies
0
Views
79
RWunder
RWunder
PCHomepage
  • Locked
  • Question
.htaccess Issue
Replies
7
Views
119
PCHomepage
PCHomepage

Part and Inventory Search

Sponsor

Back
Top