Protected directory for extern access


Suppose I have this directory in …webroot/uploads

All files in this folder one can be accessed by typing this url http://host/uploads/somefile.pdf

If I set a password protection in a .htaccess file for this folder every time apache will ask for username and password. But for internal use, when I access this pdf-file in php code, appache will also ask for username and password!

This is my problem.

When I call my url from a browser outside with http://host/uploads/somefile.pdf then apache should ask for password and username but when I use this url in php code it should not ask!

I try out all posible ways but couldn’t find any goot solution. Did somebody got the same or similar problem? It would be nice to give me a hint to solve this problem…


put ‘uploads’ outside of webroot (not cake webroot but server webroot). And if you have to access files from that directory in browser do it trough proxy file that will fetch file content only for authorised users.

you could leave htacess with password and in php code use something like that:

$filePath = "path to somefile.pdf";
return $this->response;