protect your tmp directory
Posted: Mon Aug 18, 2008 6:09 am
by staartmees
To prevent hacking or abuse of your site, it's best to protect your tmp directory with a .htaccess file.
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Re: protect your tmp directory
Posted: Mon Aug 25, 2008 3:53 pm
by Pierre M.
I like this tip. I like such tips.
Pierre M.
Re: protect your tmp directory
Posted: Tue Aug 26, 2008 10:05 am
by Nick Smart
Thanks for your suggestion. Unfortunately, it prevents the captcha image from displaying on my contact form - CMSMS 1.4.1, Form Builder 0.5.3, Captcha 0.3.1, Linux/PHP5/MySQL
Nick
Re: protect your tmp directory
Posted: Tue Aug 26, 2008 10:10 am
by cyberman
Try this
<Files *.php>
Order deny,allow
Deny from All
</Files>
so only executable PHP files will be blocked.
Re: protect your tmp directory
Posted: Tue Aug 26, 2008 10:30 am
by Nick Smart
Is there any reason that couldn't be added to the htaccess in the root?
Nick
Re: protect your tmp directory
Posted: Tue Aug 26, 2008 11:40 am
by cyberman
If you block PHP files from root, CMSms cannot run ...
Re: protect your tmp directory
Posted: Tue Aug 26, 2008 12:41 pm
by Nick Smart
Yes, index.php, etc. need access. I was thinking more of using it as a way to block lib, modules, plugins, but just didn't write the question very well.
Nick
Re: protect your tmp directory
Posted: Tue Aug 26, 2008 1:52 pm
by cyberman
You can use the same as I've posted for the uploads folder. For /libs you can use
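# Deny everything in this directory by default
order deny,allow
deny from all
# Allow static assets and the named editor scripts only; every alternative is
# anchored to the end of the file name so that e.g. "x.js.php" does not match
<Files ~ "(\.(css|js|gif|jpe?g)|^(editor|thumbs|images|editorFrame)\.php)$">
Order deny,allow
Allow from all
</Files>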
You can find more about CMSms and security here:
http://wiki.cmsmadesimple.org/index.php ... mall_Guide
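Added example, not part of the original thread: a small audit of which file names a `<Files ~ "...">` allowlist admits, comparing an unanchored alternation with an anchored one. It assumes Python's `re.search` as a stand-in for Apache's regex match on the base file name; the directory listing and the list of script extensions are constructed for illustration.

```python
import re

# Unanchored alternation: only the last alternative is tied to "$",
# the others match anywhere in the file name.
UNANCHORED = r".*\.css|.*\.js|.*\.gif|.*\.jpe?g|editor.php|thumbs.php|images.php|editorFrame.php$"

# Anchored form: asset extensions must end the name, and the script
# names must match the whole name.
ANCHORED = r"(\.(css|js|gif|jpe?g)|^(editor|thumbs|images|editorFrame)\.php)$"

# Extensions treated as server-side scripts for this audit (assumption).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)


def allowed(pattern, names):
    """Names that '<Files ~ pattern>' would match (regex search on the base name)."""
    rx = re.compile(pattern)
    return [n for n in names if rx.search(n)]


def unexpected_scripts(pattern, names, expected):
    """Allowed names that are scripts but are not on the expected list."""
    return sorted(n for n in allowed(pattern, names)
                  if SCRIPT_EXT.search(n) and n not in expected)


# Constructed directory listing for illustration.
SAMPLE = ["style.css", "editor.js", "logo.gif", "photo.jpeg", "photo.jpg",
          "editor.php", "thumbs.php", "images.php", "editorFrame.php",
          "config.php", "notes.js.php", "myeditor.php", "thumbs.php.bak",
          "readme.txt"]
EXPECTED = {"editor.php", "thumbs.php", "images.php", "editorFrame.php"}

if __name__ == "__main__":
    for label, pat in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        print(label, "admits unexpected scripts:",
              unexpected_scripts(pat, SAMPLE, EXPECTED))
```

Run it against a real listing of the protected directory (for example the output of `os.listdir`) before deploying a rule; any name it reports is a script the allowlist would serve.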
Re: protect your tmp directory
Posted: Tue Aug 26, 2008 9:32 pm
by blast2007
Hi all,
do you think we can add a related section to the wiki guide?
Could it be useful?
Regards
blast
Re: protect your tmp directory
Posted: Wed Aug 27, 2008 5:10 am
by cyberman
Ähmm, what do you want to add?
Re: protect your tmp directory
Posted: Wed Aug 27, 2008 7:43 am
by blast2007
cyberman wrote:
Ähmm, what do you want to add?
Something like:
"You can add .htaccess files to protect these directories:
/tmp
/libs
/uploads
...
Here is the suggested configuration for each one:
...
..."
Re: protect your tmp directory
Posted: Wed Aug 27, 2008 10:43 am
by cyberman
At the posted link there was some information like what I've posted - now I've added the information from this thread ...
Re: protect your tmp directory
Posted: Wed Aug 27, 2008 10:45 am
by blast2007
cyberman wrote:
At the posted link there was some information like what I've posted - now I've added the information from this thread ...
Ok thanks!