How do i make folder on server secure?

Question

I'm creating a website on my local computer and have no database system.

For each user entering the page, i create a text file with their IP adress as the name. So when i go on the website when it's hosted on my computer, a PHP script creates a file hits/127.0.0.1.txt.

The file contains some sensitive information, and i dont want anything else then my PHP scripts to access the files.

When i write 'localhost/mysite/hits/' i can access all the text files and information. I'd like to prevent this so people wont be able to see this when i publish the site

How can i do this?

And by the way, I create this file to use it to count visitors and see when i get most visitors.

Answer 1

It is depending on your Webserver

Apache:

You need to insert in the directory a .htaccess file, with content deny from all

https://stackoverflow.com/a/9282193/2441442

IIS:

You need a File web.config to configure Request Filtering:

<configuration>
   <system.webServer>
       <security>
          <requestFiltering>
               <hiddenSegments>
                   <add segment="My_Directory" />
               </hiddenSegments>
           </requestFiltering>
       </security>
   </system.webServer>
</configuration>

https://stackoverflow.com/a/4038572/2441442

Nginx:

You write in your Configuration:

location ~ /(dir1|dir2|dir3) {
   deny all;
   return 404;
}

Because of the background of Nginx (Performance) you need to restart the server. The config is only one time loaded.

https://serverfault.com/a/232706/220399

For all other

http://bit.ly/1ktwZHG

Answer 2

You can try and create an .htaccess file in the folder and deny all in the .htaccess script