httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "matt farey" <matt.fa...@gmail.com>
Subject Re: [users@httpd] Doubt about disabling access to PHP files
Date Fri, 13 Mar 2009 18:28:20 GMT
This directory should not be under your document root, instead it should lie outside the web
server root, and you should use a php script to handle the download and the file and folder
listing.
This way when the user clicks on "http://example.org/foo/bar/word.doc" the "/foo/bar/word.doc"
will be stripped of with a rewrite rule and sent to "download-or-list.php (for example) which
should access the file and send it along or list the contents (in the case of clicking on
"http://example.org/foo/bar/") and output that.

You would then use permissions to allow access to the files on the shared drive by the domin
user that the apache web server (and php running inside it as a module) - and these should
be as restrictive as you need to make them.

Sent from my BlackBerry® wireless device
Mime
View raw message