Restricting url access HTML files from folder

umeshhodwala · April 1, 2023, 6:29am

In my project, i have large number (10000) of .htm files (kept in /public/htm/) folder. This serve as knowledgebase. These fiiles are shown in iframe in app.

I want that they can be accessed from my app but not by typing url in browser.

Presently user can access these files by typing url in browser window. I want to restrict it.

Can it be done by express like mentioned in https://www.appsloveworld.com/nodejs/100/177/prevent-direct-access-to-html-page-in-node-js or any otherway?

I am new to wappler, so request detailed steps?

Thanks in advance.

Cheese · April 1, 2023, 1:59pm

Have you considered using .htaccess to restrict access to the directory solely from the primary domain?

Not the best solution by far but one that would be relatively simple to implement.

umeshhodwala · April 1, 2023, 2:40pm

The domain will be same in both cases (from my app or direct url access). The user can copy the file url ex. www.abc.com/public/htm/1.htm. This he can easily get by inspecting page for iframe src.

Cheese · April 1, 2023, 3:15pm

Like I said not the best solution. With 10000 files to secure whichever way you go about it outside of the basics is not going to be an ‘easy’ fix. Ideally this content would be served from the database. Wappler does not have the remit to cover directory security/permission sets. Create a .htaccess file in the directory containing the .html files and set specific rules within the .htacces file (assuming you run Apache of course, hit up Stackoverflow for further examples).

Maybe there is an alternative to this suggestion? Been many years since have used iframes for anything to be honest, thus am a little out of touch in that regard.