How can I block direct access to my JavaScript files?

Question 1

I use Minify to minify and cache all my script requests. I only want my users to be able to access the minified versions of the JavaScript files.

Minify lies at www.example.com/min and my scripts are at www.example.com/scripts. How can I block direct access to doc_root/scripts which is where my unminified JavaScript files lie. I'd rather not put them out of the document root but it's an option.

Please note that I'm using Zend Framework, so the actual root of my application is shifted to www.example.com/public. An htaccess file handles the rewrite.

Question 2

Can't you just use an .htaccess file inside doc_root/scripts to prevent all access over the web to .js files over HTTP?

It won't stop minify, since that provides indirect access.

So in doc_root/scripts/.htaccess, something along the lines of

<Files ~ ".js$">
    order allow,deny
    deny from all
</Files>

Note that the location of the .htaccess file matters in this case.

Question 3

Into folder members create new folder files, move here all your songs, create new .htaccess file and add the following lines:

Order Deny,Allow
Deny from all

Into folder members create file get_song.php and add the following code:

if( !empty( $_GET['name'] ) )
{
  // check if user is logged    
  if( is_logged() )
  {
    $song_name = preg_replace( '#[^-w]#', '', $_GET['name'] );
    $song_file = "{$_SERVER['DOCUMENT_ROOT']}/members/files/{$song_name}.mp3";
    if( file_exists( $song_file ) )
    {
      header( 'Cache-Control: public' );
      header( 'Content-Description: File Transfer' );
      header( "Content-Disposition: attachment; filename={$song_file}" );
      header( 'Content-Type: application/mp3' );
      header( 'Content-Transfer-Encoding: binary' );
      readfile( $song_file );
      exit;
    }
  }
}
die( "ERROR: invalid song or you don't have permissions to download it." );

And now, you can use this URL to get the song file:
http://mysite.com/members/get_song.php?name=my-song-name

Question 4

I have used a PHP implementation of JSMin by Douglas Crockford for quite some time. It can be a little risky when concatenating files, as there may be a missing semicolon on the end of a closure.

It'd be a wise idea to cache the minified output and echo what is cached so long as it's newer than the source file.

require 'jsmin.php';

if(filemtime('scripts_template.js') < filemtime('scripts_template.min.js')) {
  read_file('scripts_template.min.js');
} else {
  $output = JSMin::minify(file_get_contents('scripts_template.js'));
  file_put_contents('scripts_template.min.js', $output);
  echo $output;
}

You could also try JShrink. I haven't ever used it before, since I haven't had difficulty with JSMin before, but this code below should do the trick. I hadn't realized this, but JShrink requires PHP 5.3 and namespaces.

require 'JShrink/Minifier.php';

if(filemtime('scripts_template.js') < filemtime('scripts_template.min.js')) {
  read_file('scripts_template.min.js');
} else {
  $output = JShrinkMinifier::minify(file_get_contents('scripts_template.js'));
  file_put_contents('scripts_template.min.js', $output);
  echo $output;
}

Question 5

Javascript minifier?

Take a look here

require_once('jsmin-1.1.1.php');

$files = glob("/path/to/js/merge/*.js");
$js = "";
foreach($files as $file) {
    $js .= JSMin::minify(file_get_contents($file));
}

file_put_contents("/path/to/js/combined.js", $js);
// or to output it: echo $js;

Question 6

Hope this will help.

# cat /etc/pam.d/su
auth            sufficient      pam_rootok.so
auth            [default=1 success=ok ignore=ignore] pam_wheel.so trust use_uid group=group1
auth            [success=2 default=die] pam_listfile.so item=user sense=allow onerr=fail file=/etc/security/su-group1-access
auth            [default=die success=ok ignore=ignore] pam_wheel.so trust use_uid group=group2
auth            requisite pam_listfile.so item=user sense=allow onerr=fail file=/etc/security/su-group2-access
auth            include system-auth
account              sufficient        pam_succeed_if.so uid = 0 use_uid quiet
account              include                system-auth
password             include                system-auth
session              include                system-auth
session              optional        pam_xauth.so

# cat /etc/security/su-group1-access |egrep -v "^#|^$"
oracle
user

# cat /etc/security/su-group2-access |egrep -v "^#|^$"
root

Original answer: Use Below

# cat /etc/pam.d/su |egrep -v "^#|^$"
auth        sufficient  pam_rootok.so
auth        [success=2 default=ignore] pam_succeed_if.so use_uid user notingroup group1
auth        required pam_wheel.so use_uid group=group1
auth        required pam_listfile.so item=user sense=allow onerr=fail file=/etc/security/su-group1-access
auth        [success=2 default=ignore] pam_succeed_if.so use_uid user notingroup group2
auth        required pam_wheel.so use_uid group=group2
auth        required pam_listfile.so item=user sense=allow onerr=fail file=/etc/security/su-group2-access
auth        include     system-auth
account     sufficient  pam_succeed_if.so uid = 0 use_uid quiet
account     include     system-auth
password    include     system-auth
session     include     system-auth
session     optional    pam_xauth.so

# cat /etc/security/su-group1-access |egrep -v "^#|^$"
oracle
user

# cat /etc/security/su-group2-access |egrep -v "^#|^$"
root

How can I block direct access to my JavaScript files?

Answers

php,javascript,minify