Restricts static files to a specific people using Apache/PHP.
I built this because I needed to protect some static files on a shared web host that offers Apache (without mod-auth-openid) and PHP.
To restrict access a folder located at http://example.com/path/:
- Copy
.htaccess
and_auth/
under/path
- In
.htaccess
, changeRewriteBase
to/path
- In
_auth/
, copyconfig.sample.php
toconfig.php
, and- change
$AUTH_PATH
tohttp://example.com/path/
- add allowed email IDs to
function allow()
- change
.htaccess
redirects all requests to_auth/authorize.php
._auth/authorize.php
logs the user in via their Google ID. (This uses uses HybridAuth. You can use Twitter, Facebook, OpenID, etc instead of Google.)- If the user is allowed by your
function allow()
, it reads & shows the file.
This is tolerably efficient. On my laptop, static files are served at 2,500/s. With this module, it still managed 1,700/s.
ProtectStatic is released under dual licence MIT and GPL. Same as HybridAuth licences.