user1237122 user1237122 - 1 year ago 74
PHP Question

Allow PHP file_get_contents but restrict all other public access to directory

I have a directory of PDF files that nobody should be able to access, however the directory must remain in the webroot. I use

to access the PDF files for use in my PHP scripts (ie. base64_encoding and protected downloads).

I have tried different combinations of the following in my .htaccess located inside the directory, but it either restricts all access, causing the PHP script to fail, or allows full access for all users.

order deny,allow
deny from all
allow from localhost
satisfy any

All PDF files have
permissions and are owned by

What should I put in my .htaccess file to prevent users from accessing the directory but allowing PHP scripts access?

Answer Source

If you're doing this: file_get_contents('') then it's using http. If you're doing this: file_get_contents('/public_html/pdfs/mypdf.pdf') then it isn't. Denying all in htaccess and using file_get_contents on a local path would meet your requirements as long as your code and pdfs reside on the same file system. (Moved from comments...)