CustomContent / FrontEndUsers / Uploads not quite enough?

[dixonc1]

I've user CustomContent and FrontEndUsers with the upload module to create a members area with a number of downloads. It's working great except people can still browse to the site.com\uploads\ folder and get a directory listing and download the files outside of my superb  security!

Can I get round this with file permissions / clever tricks or do I need to .htaccess the folder(s) in question which will presumably meen the users having to re-enter their ID / password.

Thanx

[calguy1000]

You need a .htaccess file but you can allow only the localhost to access that directory, then there's no way it can be accessed from outside.

One of the features I'm going to include in Uploads down the road is the ability to automatically create the .htaccess files.  I just haven't gotten there yet.

[dixonc1]

Wow. Thanks 1,000,000 it works. If anyone is interested the .htaccess file I created looks like this.

Order Deny,Allow
Deny from all
Allow from 127.0.0.1

That seems to do the trick (although not being an expert might not be the best way of doing it), files downloadable from within the CMS and not accessable via the web!

[johnbmcdonald]

Question:

Is this

Order Deny,Allow
Deny from all
Allow from 127.0.0.1

everything you need in the .htaccess file?

Thanks
John