how i can protect folder which includes uploaded files?

how i can protect folder which includes uploaded files?

i have folder include all开发者_C百科 files which uploaded by me, i want if user try to change url or pass to show all files, browser redirect him to another page like this example

www.tet.php/folder/text.doc

if user try to write (www.tet.php/folder) to show all files redirect him automatically to www.tet.php

or any one please tell me tricky way to disappear /folder/

---

I don't know php but one solution I am thinking about and don't know if php can handle or not:

You can put your “UsersUploads” folder outside the website directory, so if your website exist on “c:\website\example.com” you can put the “UsersUploads” there “c:\UsersUploads”, Like that Your web server has no control over this folder and its files, And your website code will still have access to this directory as a normal physical path.

---

If you use Apache, you have 2 solutions:

• Move your uploaded_files folder out of your DocumentRoot (the root of the folders that are accessible from the web).

• Use an .htaccess file in that folder to block access to this folder.

A little example of an .htaccess using an authentication to access to the folder:

AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile "/var/www/uploadedfiles/.htpasswd"
Require valid-user

---

If you use IIS then you have just to deny access to that folder for everyone through your IIS Administration console. You also can deny any access except for certain IP adresses or adressranges.

---

Just to expand on @Clement's answer to include the part about redirecting to a page on failure:

AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile "/var/www/uploadedfiles/.htpasswd"
Require valid-user
ErrorDocument 403 www.urlToRedirectTo.com

Also, .htpasswd should be placed outside of the web root, and should simply contain username:pasword. The password should be hashed. You can easily find utilities online to create these files for you.