2009/1/19 R B <rbpphp@xxxxxxxxx> > I like this apache solution, but if i put > > SetEnvIf Referer "^http://www.yourdomain.com" local_referal > > Then i can access the file putting this path in the URL: > > http://www.yourdomain.com/xyz/scriptfile.php > And i don´t want the script to be access by the url. That is the main > problem. > No, you can't , not if you do it properly. imagine that you have a folder like /srv/www/htdocs that is the document root of you web server, and you have /srv/www/includes, just annother file. You can have al your protected files ther, and include them from files that are in the document root of your web server, and are public. If you don't want this sepparation, you can use a .htaccess file in the folder, and deny the folder from all. (i recall hearing/reding that this actually works even if allow overrule is off , didn't actually tryed it, but i imagine is more of a hack ) > > Thanks > > > On Mon, Jan 19, 2009 at 1:38 PM, Richard Heyes <richard@xxxxxxx> wrote: > > > > ... > > > > This may be of some help. It's from the Apache website and only allows > > access if the Referer header is sent by the browser and is > > www.yourdomain.com, ie. Direct access is not permitted: > > > > ########################################### > > SetEnvIf Referer "^http://www.yourdomain.com" local_referal > > > > Order Deny,Allow > > Deny from all > > Allow from env=local_referal > > ########################################### > > > > -- > > Richard Heyes > > > > HTML5 Graphing for Firefox, Chrome, Opera and Safari: > > http://www.rgraph.org (Updated January 17th) > > > -- Torok, Alpar Istvan