How can I block direct access to my JavaScript files?

javascript php minify

Can't you just use an .htaccess file inside doc_root/scripts to prevent all access over the web to .js files over HTTP?

It won't stop minify, since that provides indirect access.

So in doc_root/scripts/.htaccess, something along the lines of

<Files ~ "\.js$">
    order allow,deny
    deny from all
</Files>

Note that the location of the .htaccess file matters in this case.


You effectively can't block end-user facing code. Even if you served it with PHP or another server-side language and blocked direct requests, it's of course still possible to read it directly with a number of tools.

You should code with this in mind and be mindful with javascript comments, business knowledge, etc.

UPDATE:

However, if you're talking about code that doesn't ever need to be accessed by an end-user, you could as you mentioned move it out of the server root, or you can block the files in your directory (or an entire directory). It's easy with Apache's .htaccess.

order deny, allow
deny from all

You could also redirect the source files to the minified versions with mod_rewrite in your .htaccess file.

RewriteEngine On
RewriteRule /scripts/(.*)$ /min/$1 [L,NC]

Related

@ARGV is empty using ActivePerl in Windows 7
When do redstone torches burn out?
Does Borderlands 2 have a special Developer's chest
What is the plot id/flag for the survival of the grissom academy students in mass effect 3 for the ME 3 editor?
which pets are Tank pets in Cube World?
Does Minecraft 1.6 have higher practical system requirements than 1.5.1?
Is there a way to center on a event in Strategic View?
Skyrim, Fallout 3 and New Vegas: major mouse issues
Unable to clear a mission to "buy something new in the stash"?
GTA V Garages 'Special Vehicles'
Cannot confirm trade(gift) on steam authenticator
Do wonders in puppeted cities have any effect? [duplicate]