Deny access to a file so it cannot be downloaded

a1plus822

7:46 am on Jun 27, 2009 (gmt 0)

10+ Year Member



I have basic knowledge of Apache servers. Currently my homepage is obtained through a script; for example, the contents of my index.htm page basically point to another JavaScript file, and that js file points to the actual page for viewing. All this works well. The problem is that if the user views source, they can get the name of the js file and enter [mysite.com...] and it will download the file, and then they will know my actual page. I do not want this. Is there a way to deny access to the js file and yet have the server read it in my index.htm page? I have tried .htaccess using deny from all, and that stops the outside access and also causes my homepage not to display. I would like to have my page display and block access to the js file from the end user; is this possible? I have tried:
<FilesMatch "^\.js">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
in the httpd.conf file and I get the same result.

tangor

9:13 am on Jun 27, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



If it can be viewed (desired) it can be obtained (not desired). If you don't want anyone to obtain the file, don't display it. At the very best you can only nick the less intelligent... and the rest will take your stuff all day long.

jdMorgan

1:27 pm on Jun 27, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



To put a finer point on it, JavaScript is client-side code, executed in the browser. So in order for the browser to execute it, it must be downloaded. But the server sees no difference between a browser downloading the code to execute it and the browser downloading the code to 'view' or 'save' it. So it's impossible to block 'view' or 'save' downloads while allowing 'execute' downloads.

If the function is so important, critical, or 'secret,' then perhaps this code's function should be moved to the server-side and accomplished in PHP or PERL.

Jim
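
The point made in the reply above, as an added example that is not part of the original thread: it models the poster's static setup beside a server-side mapping, in Node.js JavaScript rather than the PHP or Perl mentioned. The file names, page contents and function names are constructed for illustration.

```javascript
'use strict';
// Constructed sample site: every name and body here is hypothetical.
const files = new Map([
  ['/index.htm', '<script src="/nav.js"></script>'],
  ['/nav.js', 'location.replace("/real-page.htm");'],
  ['/real-page.htm', '<h1>Welcome</h1>'],
]);

// Design A (the thread's setup): every file is served statically.
// The server receives only a path. A fetch made to execute nav.js and a
// fetch made to read or save it are the same request, so both succeed.
function staticSite(path) {
  const body = files.get(path === '/' ? '/index.htm' : path);
  return body === undefined ? { status: 404, body: '' } : { status: 200, body };
}

// Design B: the mapping from public URL to real page lives only on the
// server and is never sent to the client.
const routes = new Map([['/', '/real-page.htm']]);

function serverSideSite(path) {
  const internal = routes.get(path);
  if (internal === undefined) return { status: 404, body: '' };
  return { status: 200, body: files.get(internal) };
}

// True if any response for the given paths mentions the internal name.
function leaksTarget(site, paths, secret) {
  return paths.some((p) => site(p).body.includes(secret));
}

const probes = ['/', '/nav.js', '/real-page.htm'];
console.log('static site reveals target:', leaksTarget(staticSite, ['/', '/nav.js'], 'real-page'));
console.log('server-side reveals target:', leaksTarget(serverSideSite, probes, 'real-page'));
```

In design B the visitor still receives the page content, since anything displayed has been downloaded; only the internal file name and the redirect logic stay on the server.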

a1plus822

2:31 pm on Jun 27, 2009 (gmt 0)

10+ Year Member



Hi,

Many thanks. I appreciate you all clearing this up.