Josh Josh - 6 months ago 27
PHP Question

Using htaccess, how to restrict seeing directory contents, but allow server to use the contents?

More specifically, I have an htaccess file that restricts anyone from seeing the directory contents. Such that, nobody can see my 1000s of images in www.example.com/images by using:

deny from all
allow from 127.0.0.1


However, I want to use these images on www.example.com such that,
<img src="images/thisimg.jpg" />
works.

I hope I'm in the right direction, but I appreciate any insight/re-direct. This is similar to: How to protect all directory contents, but gain access to php script but I want to link to these images in that directory, and using
deny from all
does not allow me to do that.

Thanks in advance for your help.

Answer

All you need to keep people from seeing the directory contents is an index.php or .html file in that folder. Any requests for yoursite.com/images will load index.php, which you'll set to a dummy page.

index.html could be something like:

<html><title>Forbidden!</title><body>Nothing to see here...</body></html>

or a redirect script index.php:

<?php header('Location: /index.php'); exit(); ?>

Don't use .htaccess for blocking directory listings, it blocks access to everything.