How to secure upload directory within cmsAdmin
6 posts by 3 authors in: Forums > CMS Builder
Last Post: October 8, 2013 (RSS)
By nmsinc - October 7, 2013
I need to secure the upload directory within cmsAdmin - how can this be done?
Thanks - nmsinc
Hi nmsinc,
If a simple "you shouldn't be" here index file in the directory isn't enough for your needs, you might consider moving the upload directory to above your public directory using a custom upload directory (I don't know if you can do that but it might be worth a try).
Another thought is to password protect the directory using .htaccess.
Google: password protect a directory with htaccess for lots of information.
Good luck, and let us know how you solve the issue...
Jerry Kornbluth
Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php
By nmsinc - October 7, 2013
Hi Jerry,
I do have a index file that moves the user back to the root index page for the spider bots, however, I'm worried about users who know how to access the folders via the main CMS directory!
Also, htaccess will not work as our clients customers get confused when they must enter more than one user code!
Thanks - nmsinc
By gkornbluth - October 7, 2013 - edited: October 7, 2013
Hi,
I did a bit of playing around and it seems (at least on the site that I tested) that changing the permission of the upload directory (and all the directories below it) from 755 to 751 denied access to me when I tried to list any of the upload directories but web access still worked perfectly.
Worth a try?
You might want to look at this article as well: http://perishablepress.com/enable-file-or-directory-access-to-your-htaccess-password-protected-site/
Jerry Kornbluth
Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php
By Damon - October 8, 2013
Hi,
Did any of Jerry's suggestions work for you?
I'm worried about users who know how to access the folders via the main CMS directory!
You can move the uploads folder to another location and then add an index.html file into it that will prevent file browsing.
Can you give me an example of what how a user would be able to access the folder?
Damon Edis - interactivetools.com
Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/
By nmsinc - October 8, 2013
I did reset the permissions and everything appears to be working as Jerry mentioned!
Thanks - nmsinc