Zend - Deny access to CSS, JS, Image files

Posted by Vincent on Stack Overflow See other posts from Stack Overflow or by Vincent
Published on 2010-05-06T07:56:08Z Indexed on 2010/05/06 7:58 UTC
Read the original article Hit count: 230

Filed under:
|
|
|
|

All,

I have the following Zend application structure:

helloworld
 - application
     - configs
     - controllers
     - models
     - layouts
 - include
 - library
 - public
    - design
       -- css
           -- site.css
       -- js
           -- global.js
       -- images
           -- siteheader.gif
           -- sitefooter.gif
    - .htaccess
    - index.php

My .htaccess file in public folder looks like this:

Options -MultiViews

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]

My document root points to the "public" folder. Currently, if the user visits a directory level URL, (Ex: http://localhost/design or localhost/css) , my .htaccess file above make sure to show him the "Access Forbidden" page. But if he visits the file level URL, (Ex: http://localhost/design/css/site.css), it shows him the CSS file or the js file or PHP file..

How can I make sure to lock file level access for the above file types, if accessed directly from the URL? Since my application is JS intensive, I want to protect it from users looking at it.

Thanks

© Stack Overflow or respective owner

Related posts about zend-framework

Related posts about JavaScript