Tutorials, Htaccess

Hiding and protecting a directory with htaccess

When building web applications is makes sense to hide sensitive files such as say a config file into a folder that will only be accessible via a script and not directly.

One way is to name the directory with a . then the name so if you have a folder called includes rename it to .includes the folder is still accessible but FTP programs and the like hide folder prefixes with a . then to make it locked down place a .htaccess file inside it and place the following:

order allow,deny
deny from all

This disables all access by denying anyone from access the folder. You can still use the files inside the directory by including them into your scripts.

David Carr

David Carr

For the past 12 years, I’ve been developing applications for the web using mostly PHP. I do this for a living and love what I do as every day there is something new and exciting to learn.

In my spare time, the web development community is a big part of my life. Whether managing online programming groups and blogs or attending a conference, I find keeping involved helps me stay up to date. This is also my chance to give back to the community that helped me get started, a place I am proud to be apart of.

Besides programming I love spending time with friends and family and can often be found together going out catching the latest movie, staying in playing games on the sofa or planning a trip to someplace I’ve never been before.