How to secure upload directory within cmsAdmin

Hi nmsinc,

If a simple "you shouldn't be" here index file in the directory isn't enough for your needs, you might consider moving the upload directory to above your public directory using a custom upload directory (I don't know if you can do that but it might be worth a try).

Another thought is to password protect the directory using .htaccess.

Google: password protect a directory with htaccess for lots of information.

Good luck, and let us know how you solve the issue...

Jerry  Kornbluth

Hi Jerry,

I do have a index file that moves the user back to the root index page for the spider bots, however, I'm worried about users who know how to access the folders via the main CMS directory!

Also, htaccess will not work as our clients customers get confused when they must enter more than one user code!

Thanks - nmsinc

Hi,

I did a bit of playing around and it seems (at least on the site that I tested) that changing the permission of the upload directory (and all the directories below it) from 755 to 751 denied access to me when I tried to list any of the upload directories but web access still worked perfectly.

Worth a try?

You might want to look at this article as well: http://perishablepress.com/enable-file-or-directory-access-to-your-htaccess-password-protected-site/

Jerry Kornbluth

Hi,

Did any of Jerry's suggestions work for you?

I'm worried about users who know how to access the folders via the main CMS directory!

 You can move the uploads folder to another location and then add an index.html file into it that will prevent file browsing.

Can you give me an example of what how a user would be able to access the folder?