Seems it is a question about .htaccess, not sure what should I use.
How can I make files inside /data/ folder available to read and write only for scripts?
Users should not have access to them from browser window.
views:
36answers:
2
+1
A:
You can change the ownership of the directory to the www or apache user, depending on what user your web-server is running as.
Then make sure that the permissions of the directory are set to 644 so that only the owner can write. If you want nobody else to be able to read, just make it 600.
jeroen
2010-09-20 22:49:56
That wouldn't make them unavailable to users through HTTP as specified. That would affect other local users on the server.
Alex JL
2010-09-20 22:52:36
600 - nobody can access, even scripts?
Happy
2010-09-20 22:54:29
@Alex JL, that´s true, they should definitely be outside of the web server's document root, but when I read `/data/` I kind of assumed that already.
jeroen
2010-09-20 23:05:33
@Happy, if the user that runs the web-server owns the directory, it can still read and write with permissions 600.
jeroen
2010-09-20 23:06:22
True, but it's not clear whether `/` refers to the file system root or web server root. I think he means the web server root. Otherwise, they'd already be unavailable.
Alex JL
2010-09-20 23:29:23
@Alex JL, yes, reading the question again, my assumption doesn´t seem quite right...
jeroen
2010-09-21 01:01:00
+7
A:
Simplest way to block access to non-scripts: move it outside the web server's document root. If your PHP files are served from /var/www/htdocs, put your data files in /var/www/data.
If that's not possible, the .htaccess solution looks like:
# don't let anyone access these files directly
Order allow,deny
Deny from all
Adam Backstrom
2010-09-20 22:50:37
You can put it right in your `data` directory. `.htaccess` files affect child directories, so this change will block access to whatever directory it's placed in, plus all children. (Until it's overridden by something else.)
Adam Backstrom
2010-09-21 00:07:06