Page 1 of 1

CustomContent / FrontEndUsers / Uploads not quite enough?

Posted: Sun Jul 29, 2007 9:27 pm
by dixonc1
I've user CustomContent and FrontEndUsers with the upload module to create a members area with a number of downloads. It's working great except people can still browse to the site.com\uploads\ folder and get a directory listing and download the files outside of my superb  ;D security!

Can I get round this with file permissions / clever tricks or do I need to .htaccess the folder(s) in question which will presumably meen the users having to re-enter their ID / password.

Thanx

Re: CustomContent / FrontEndUsers / Uploads not quite enough?

Posted: Mon Jul 30, 2007 5:01 am
by calguy1000
You need a .htaccess file but you can allow only the localhost to access that directory, then there's no way it can be accessed from outside.

One of the features I'm going to include in Uploads down the road is the ability to automatically create the .htaccess files.  I just haven't gotten there yet.

Re: CustomContent / FrontEndUsers / Uploads not quite enough?

Posted: Mon Jul 30, 2007 7:02 am
by dixonc1
Wow. Thanks 1,000,000 it works. If anyone is interested the .htaccess file I created looks like this.

Order Deny,Allow
Deny from all
Allow from 127.0.0.1

That seems to do the trick (although not being an expert might not be the best way of doing it), files downloadable from within the CMS and not accessable via the web!

Re: CustomContent / FrontEndUsers / Uploads not quite enough?

Posted: Mon Jul 30, 2007 5:13 pm
by johnbmcdonald
Question:

Is this
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
everything you need in the .htaccess file?

Thanks
John