Restricting Directory Access

[mattspriggs28]

Hi,

 

I have a number of directories on my website that store files uploaded via the CMS.

 

For example, I have a directory named /files for storing any documents uploaded via the CMS.

 

I need this directory to remain writable, but I want to prevent any user from simply going to http://www.mydomain.com/files and viewing a list of all the files in that directory.

 

Is this done through the directory permissions? If so, what are the correct permissions to use to help it remain writable but not viewable?

 

If not, can it be done through the htaccess file? Can anyone supply code examples within the htaccess file?

 

Thanks for your help.

[Fergal Andrews]

Hi mattspriggs28,

There are a number of ways to prevent reading of files but allow writing to a directory. You can do it with server configuration but directory permissions is usually easier. If your hosting is unix/linux then check this link for information on how to change the permissions. You can often  do this through your ftp software.

 

http://www.perlfect.com/articles/chmod.shtml

 

Also, stick a blank index.html file in there so that it will display instead of a list of files if a user goes directly to the directory url.

 

all the best,

Fergal

[freelance84]

htaccess too. This line in the .htaccess prevents people from viewing a directory if there is no index:

 

Options -Indexes

 

I learnt about this not so long ago

http://www.phpfreaks.com/forums/index.php/topic,302835.msg1432859.html#msg1432859

[vividona]

put index file inside the directory

 

/files/index.php