_private folder?

[ryanmaelhorn77]

I need to create a folder on the server that can only be accessed via ftp and by php scripts. I dont want somebody to be able to just type in the url and get access to it. Is this the point of the _private folder that is already in the www folder?

I read that if I put something outside the www folder, no one online will be able to see it. This sounds like what I want, but can php scripts in the www folder access it?

 

[lemon-tree]

_private is not the folder you are looking for. Either put the files in the directory above public_html or create a new folder and set the permissions to deny access from 'world'.

 

[misson]

create a new folder and set the permissions to deny access from 'world'.

Won't work on X10, since the server process runs with your user credentials. You could use the Order directive to deny access to specific directories. You'd also better configure Apache to return a 404 response rather than a 403 to hide the directory's existence. In the directory's .htaccess file, put:

Order allow,deny
RedirectMatch 404 ^

Now that I think about it, the Order directive is unnecessary. The redirect is sufficient.

In any case, placing the files outside the web folder hierarchy is the simplest and conceptually cleanest approach.

 

[ryanmaelhorn77]

Well if I place the folder outside the www directory, what url would I use in my php scripts?
Say I make a folder called "Secret" outside the www directory

would the link be www.mysite.com/secrets/

?

 

[descalzo]

If your user name is 'george', you can create a directory

/home/george/secret

and put your files there.

If you want to include the file in one of your PHP scripts , you would use

require_once( '/home/george/secret/special.php' )

 

[lemon-tree]

Won't work on X10, since the server process runs with your user credentials. You could use the Order directive to deny access to specific directories. You'd also better configure Apache to return a 404 response rather than a 403 to hide the directory's existence. In the directory's .htaccess file, put:

It does work, just try accessing this file: http://lemon.x10hosting.com/secrettestfolder/supersecretfile.php
It does exist and I have just set the folder to 750. So this does work, however your .htaccess solution works better.

Edit: I'll be deleting that folder and file tomorrow though once you've had a look so it doesn't clutter up my directory.

 

[ryanmaelhorn77]

When I log on via FTP and i go to the highest possible folder, i can see .cpanel .htpasswds .trash, etc...

If I made the folder here, the url would be www.mysite/secrets/ ?

 

[descalzo]

If I made the folder here, the url would be www.mysite/secrets/ ?

No. You would not be able to access it from the web.

 

[ryanmaelhorn77]

So what did lemo mean about putting it outside the public folder?

---------- Post added at 01:29 AM ---------- Previous post was at 01:05 AM ----------

how would I change this htacess file to make the folder that it's in private?:

# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName thumbscalp.com
AuthUserFile /home/thumbsca/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/thumbsca/public_html/_vti_pvt/service.grp