I need to create a folder on the server that can only be accessed via ftp and by php scripts. I dont want somebody to be able to just type in the url and get access to it. Is this the point of the _private folder that is already in the www folder?
I read that if I put something outside the www folder, no one online will be able to see it. This sounds like what I want, but can php scripts in the www folder access it?
x10 Minion
_private is not the folder you are looking for. Either put the files in the directory above public_html or create a new folder and set the permissions to deny access from 'world'.
x10 Spammer
Won't work on X10, since the server process runs with your user credentials. You could use the Order directive to deny access to specific directories. You'd also better configure Apache to return a 404 response rather than a 403 to hide the directory's existence. In the directory's .htaccess file, put:Originally Posted by lemon-tree
Now that I think about it, the Order directive is unnecessary. The redirect is sufficient.Code:Order allow,deny RedirectMatch 404 ^
In any case, placing the files outside the web folder hierarchy is the simplest and conceptually cleanest approach.
Last edited by misson; 07-08-2010 at 05:43 PM.
Be sure to read all pages linked in this post; they have further information that should prove useful. When asking for help, make sure you follow Eric Raymond's and Jon Skeet's guidelines for prompt, accurate responses. Please answer any questions I ask; they're not rhetorical (probably). Any posted code is intended as illustrative example, rather than a solution to your problem to be copied without alteration. Study it to learn how to write your own solution.Misson, not Mission.
Well if I place the folder outside the www directory, what url would I use in my php scripts?
Say I make a folder called "Secret" outside the www directory
would the link be www.mysite.com/secrets/
?
Grim Squeaker
If your user name is 'george', you can create a directory
/home/george/secret
and put your files there.
If you want to include the file in one of your PHP scripts , you would use
require_once( '/home/george/secret/special.php' )
Nothing is always absolutely so.
x10 Minion
It does work, just try accessing this file: http://lemon.x10hosting.com/secrette...secretfile.phpWon't work on X10, since the server process runs with your user credentials. You could use the Order directive to deny access to specific directories. You'd also better configure Apache to return a 404 response rather than a 403 to hide the directory's existence. In the directory's .htaccess file, put:
It does exist and I have just set the folder to 750. So this does work, however your .htaccess solution works better.
Edit: I'll be deleting that folder and file tomorrow though once you've had a look so it doesn't clutter up my directory.
Last edited by lemon-tree; 07-08-2010 at 06:11 PM.
When I log on via FTP and i go to the highest possible folder, i can see .cpanel .htpasswds .trash, etc...
If I made the folder here, the url would be www.mysite/secrets/ ?
Grim Squeaker
No. You would not be able to access it from the web.
Nothing is always absolutely so.
So what did lemo mean about putting it outside the public folder?
---------- Post added at 01:29 AM ---------- Previous post was at 01:05 AM ----------
how would I change this htacess file to make the folder that it's in private?:
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName thumbscalp.com
AuthUserFile /home/thumbsca/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/thumbsca/public_html/_vti_pvt/service.grp
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote