RESOLVED: CRON and .htaccess -- do they play nice?

Hi, fellow DH-heads!

I am interested in creating a cronjob via the web panel and am going to have it call a PHP script within my app. I would like to include the script with the app, rather than have it reside above the public directory – for portability’s sake. Of course, I don’t want visitors or spiders stumbling onto the script, so I thought .htaccess to deny public access might work.

But so far, no joy.

I’m wondering if .htaccess is not a viable way to do this…and what would be a better approach to keep everything/everyone (except the daemon) out if the script is located within the tree of my app. If .htaccess is indeed a viable method, then I suppose I’ll pour over my syntax (again)…


Thanks for any suggestions.

  • Alar

As far as I know, CRON will ignore your .htaccess file since it runs under a different user, not your user. A viable way would be to make your php script require a parameter, without which it will simply not run, or redirect to a 404 error page making it seem like it doesn’t exist. You could do it like this:

$required_param = $_GET[‘access’];
if(empty($required_param) || !isset($required_param) || $required_param != “some unique value”) {
header(“HTTP/1.0 404 Not Found”);

// The param was set, was not empty, and was equal to the preset value, you can do your code now.

This will look for the URL parameter “access” and check if it is set, not empty, and equal to “some unique value”. If it is, it will run the code you specify. If it is not, it will send a 404 error code, making it appear as though the page doesn’t exist.

Hi, and thanks for the reply. If that’s the case, I better go back and look at the syntax for my cron job to make sure I didn’t introduce the error there. The 404 will work fine, thanks for the suggestion.

Ok, one issue led to another, but I finally got it worked out after I resolved three things…here they are:

Problem 1) I have 2 users of identical names, each on a different machine. I was trying to run the cronjob under the wrong user (and thus, on the wrong machine.) I switched users and that got the cronjob to email me some output – lots of error messages which led me to the next issue.

Problem 2) The php script that I’m running with this cronjob contains a couple of includes that are included relative to the php script. I just used Curl so the php script would act as though it had been called in a browser, allowing the relative includes to be, well, included. This cleared up most of the error messages I’d received in the emailed output, but there was still one error, which led me to the final issue.

Problem 3) The Curl example I found on the forum here didn’t work for me, having the word ‘curl’ in it too many times. Actually, it DID work in terms of running the script, but it was returning (along with the rest of the output) an error that read “…could not resolve host ‘curl’…” … so, I took this:
-> [color=#FF0000]cd /home/; /usr/bin/curl curl http://<>/path/to/php/script.php[/color]
…and edited it down to this…
-> [color=#FF0000]cd /home/; /usr/bin/curl http://<>/path/to/php/script.php[/color]

And voila! The cronjob is now running the script without any errors and it’s then sending nicely formatted output to my email.

But before I wrap this up, let me answer the question that I originally came with: do cronjobs and .htaccess play nice together? Yes and no. If it’s just general .htaccess (such as, say, php flags, url rewriting, hotlink prevention, etc) then yes, it works fine. However, if there is password protection via .htpasswd, the script is stopped dead in its tracks and the emailed output is none other than the HTML source of a 401 error page (Auth Req’d).

Hope someone finds this useful…and thanks a lot for the assist!!


  • Alar