_private folder?

R

ryanmaelhorn77

Guest
I need to create a folder on the server that can only be accessed via ftp and by php scripts. I dont want somebody to be able to just type in the url and get access to it. Is this the point of the _private folder that is already in the www folder?

I read that if I put something outside the www folder, no one online will be able to see it. This sounds like what I want, but can php scripts in the www folder access it?
 

lemon-tree

x10 Minion
Community Support
Messages
1,420
Reaction score
46
Points
48
_private is not the folder you are looking for. Either put the files in the directory above public_html or create a new folder and set the permissions to deny access from 'world'.
 

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
create a new folder and set the permissions to deny access from 'world'.
Won't work on X10, since the server process runs with your user credentials. You could use the Order directive to deny access to specific directories. You'd also better configure Apache to return a 404 response rather than a 403 to hide the directory's existence. In the directory's .htaccess file, put:
Code:
Order allow,deny
RedirectMatch 404 ^

Now that I think about it, the Order directive is unnecessary. The redirect is sufficient.

In any case, placing the files outside the web folder hierarchy is the simplest and conceptually cleanest approach.
 
Last edited:
R

ryanmaelhorn77

Guest
Well if I place the folder outside the www directory, what url would I use in my php scripts?
Say I make a folder called "Secret" outside the www directory

would the link be www.mysite.com/secrets/

?
 

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
If your user name is 'george', you can create a directory

/home/george/secret

and put your files there.

If you want to include the file in one of your PHP scripts , you would use

require_once( '/home/george/secret/special.php' )
 

lemon-tree

x10 Minion
Community Support
Messages
1,420
Reaction score
46
Points
48
Won't work on X10, since the server process runs with your user credentials. You could use the Order directive to deny access to specific directories. You'd also better configure Apache to return a 404 response rather than a 403 to hide the directory's existence. In the directory's .htaccess file, put:
It does work, just try accessing this file: http://lemon.x10hosting.com/secrettestfolder/supersecretfile.php
It does exist and I have just set the folder to 750. So this does work, however your .htaccess solution works better.

Edit: I'll be deleting that folder and file tomorrow though once you've had a look so it doesn't clutter up my directory.
 
Last edited:
R

ryanmaelhorn77

Guest
When I log on via FTP and i go to the highest possible folder, i can see .cpanel .htpasswds .trash, etc...

If I made the folder here, the url would be www.mysite/secrets/ ?
 
R

ryanmaelhorn77

Guest
So what did lemo mean about putting it outside the public folder?

---------- Post added at 01:29 AM ---------- Previous post was at 01:05 AM ----------

how would I change this htacess file to make the folder that it's in private?:

# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName thumbscalp.com
AuthUserFile /home/thumbsca/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/thumbsca/public_html/_vti_pvt/service.grp
 
Top