_private folder?

Discussion in 'Graphics & Webdesign' started by ryanmaelhorn77, Jul 8, 2010.

  1. I need to create a folder on the server that can only be accessed via ftp and by php scripts. I dont want somebody to be able to just type in the url and get access to it. Is this the point of the _private folder that is already in the www folder?

    I read that if I put something outside the www folder, no one online will be able to see it. This sounds like what I want, but can php scripts in the www folder access it?
     
  2. lemon-tree

    lemon-tree x10 Minion Community Support

    Messages:
    1,420
    Likes Received:
    46
    Trophy Points:
    48
    _private is not the folder you are looking for. Either put the files in the directory above public_html or create a new folder and set the permissions to deny access from 'world'.
     
  3. misson

    misson Community Paragon Community Support

    Messages:
    2,572
    Likes Received:
    72
    Trophy Points:
    48
    Won't work on X10, since the server process runs with your user credentials. You could use the Order directive to deny access to specific directories. You'd also better configure Apache to return a 404 response rather than a 403 to hide the directory's existence. In the directory's .htaccess file, put:
    Code:
    Order allow,deny
    RedirectMatch 404 ^
    Now that I think about it, the Order directive is unnecessary. The redirect is sufficient.

    In any case, placing the files outside the web folder hierarchy is the simplest and conceptually cleanest approach.
     
    Last edited: Jul 8, 2010
  4. Well if I place the folder outside the www directory, what url would I use in my php scripts?
    Say I make a folder called "Secret" outside the www directory

    would the link be www.mysite.com/secrets/

    ?
     
  5. descalzo

    descalzo Grim Squeaker Community Support

    Messages:
    9,375
    Likes Received:
    327
    Trophy Points:
    83
    If your user name is 'george', you can create a directory

    /home/george/secret

    and put your files there.

    If you want to include the file in one of your PHP scripts , you would use

    require_once( '/home/george/secret/special.php' )
     
  6. lemon-tree

    lemon-tree x10 Minion Community Support

    Messages:
    1,420
    Likes Received:
    46
    Trophy Points:
    48
    It does work, just try accessing this file: http://lemon.x10hosting.com/secrettestfolder/supersecretfile.php
    It does exist and I have just set the folder to 750. So this does work, however your .htaccess solution works better.

    Edit: I'll be deleting that folder and file tomorrow though once you've had a look so it doesn't clutter up my directory.
     
    Last edited: Jul 8, 2010
  7. When I log on via FTP and i go to the highest possible folder, i can see .cpanel .htpasswds .trash, etc...

    If I made the folder here, the url would be www.mysite/secrets/ ?
     
  8. descalzo

    descalzo Grim Squeaker Community Support

    Messages:
    9,375
    Likes Received:
    327
    Trophy Points:
    83
    No. You would not be able to access it from the web.
     
  9. So what did lemo mean about putting it outside the public folder?

    ---------- Post added at 01:29 AM ---------- Previous post was at 01:05 AM ----------

    how would I change this htacess file to make the folder that it's in private?:

    # -FrontPage-

    IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

    <Limit GET POST>
    order deny,allow
    deny from all
    allow from all
    </Limit>
    <Limit PUT DELETE>
    order deny,allow
    deny from all
    </Limit>
    AuthName thumbscalp.com
    AuthUserFile /home/thumbsca/public_html/_vti_pvt/service.pwd
    AuthGroupFile /home/thumbsca/public_html/_vti_pvt/service.grp
     

Share This Page