Hey,

I have been trying to block access to my CSS, JS and PHP include(s) files. I have been able to block the PHP files with this code:

Code: Select all

<Files *.php>
order allow,deny
deny from all
</Files>

And the PHP includes still work. I have tried doing the same thing for my CSS, but then no CSS styles are included on the page... Is there anyway to block direct access to my CSS/JS files so that they can't be downloaded, and still keep the pages working?

Thanks, Brandon

Well the problem is, css style sheet, as well as html, must be publicly reachable to be loaded by a browser.

Includes are server-side, so you do not need to leave the access to all php files.

That's just how it is

Sigh... Okay. What about javascript and images, is there anyway to block those?

The same.

You can implement some JS to hide JS a bit, and html as well, but, it's not really a protection, since user would see everything all right if they turn JS off.

Anyway, what are you afraid about ?

Internet is mostly public, everybody can access most of the source code, and that's probably why it's growing so fast, because sharing is almost mandatory

++

I guess I will just leave it public...

At it's not that I'm "afraid" of anything, I just like ot keep my sites locked down as tight as possible - For security reasons.

Thanks!

You do not take great security risks with css style sheets IMHO, but it's better to think about security like you seem to do.

Locking all php files called through include is for sure a wise thing.
You may as well want to do as phpBB does in addition, define a IN_PHPBB constant in the public files, and check if it was declared in the included ones :

Code: Select all

if ( !defined('IN_PHPBB')  )
{
   die('Hacking attempt');
   exit;
}

I think it's even better to rely on both php, with this check, and Apache, with the .htaccess, to deny access to these files.

++

Hello, good question. I found this...

Code: Select all

<Files ~ "\.tpl$">
Order allow,deny
Deny from all
Satisfy All
</Files>

Credit
CyberAlien