How to secure upload directory within cmsAdmin

6 posts by 3 authors in: Forums > CMS Builder
Last Post: October 8, 2013   (RSS)

By nmsinc - October 7, 2013

I need to secure the upload directory within cmsAdmin - how can this be done?

Thanks - nmsinc

nmsinc

Hi nmsinc,

If a simple "you shouldn't be" here index file in the directory isn't enough for your needs, you might consider moving the upload directory to above your public directory using a custom upload directory (I don't know if you can do that but it might be worth a try).

Another thought is to password protect the directory using .htaccess.

Google: password protect a directory with htaccess for lots of information.

Good luck, and let us know how you solve the issue...

Jerry  Kornbluth

The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php

By nmsinc - October 7, 2013

Hi Jerry,

I do have a index file that moves the user back to the root index page for the spider bots, however, I'm worried about users who know how to access the folders via the main CMS directory!

Also, htaccess will not work as our clients customers get confused when they must enter more than one user code!

Thanks - nmsinc

nmsinc

By gkornbluth - October 7, 2013 - edited: October 7, 2013

Hi,

I did a bit of playing around and it seems (at least on the site that I tested) that changing the permission of the upload directory (and all the directories below it) from 755 to 751 denied access to me when I tried to list any of the upload directories but web access still worked perfectly.

Worth a try?

You might want to look at this article as well: http://perishablepress.com/enable-file-or-directory-access-to-your-htaccess-password-protected-site/

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php

By nmsinc - October 8, 2013

I did reset the permissions and everything appears to be working as Jerry mentioned!

Thanks - nmsinc

nmsinc