user1237122 user1237122 - 5 months ago 38
PHP Question

Allow PHP file_get_contents but restrict all other public access to directory

I have a directory of PDF files that nobody should be able to access, however the directory must remain in the webroot. I use

file_get_contents
to access the PDF files for use in my PHP scripts (ie. base64_encoding and protected downloads).

I have tried different combinations of the following in my .htaccess located inside the directory, but it either restricts all access, causing the PHP script to fail, or allows full access for all users.

order deny,allow
deny from all
allow from localhost
satisfy any


All PDF files have
-rw-r--r--
permissions and are owned by
apache
user.

What should I put in my .htaccess file to prevent users from accessing the directory but allowing PHP scripts access?

Answer

If you're doing this: file_get_contents('http://www.example.com/pdfs/mypdf.pdf') then it's using http. If you're doing this: file_get_contents('/public_html/pdfs/mypdf.pdf') then it isn't. Denying all in htaccess and using file_get_contents on a local path would meet your requirements as long as your code and pdfs reside on the same file system. (Moved from comments...)