Protecting Folders

[Guest davedavenport]

I have noticed I can view the contents of the folders ie modules, pear etc etc from my browser.

I know I cant see the contents/code but Is this correct?

More importantly is this Secure? :sleep:

[Guest estelle]

You can modify your .htaccess file so that folder contents cannot be viewed.

This is what my .htaccess file contains (the second line prevents folder contents from being listed):

php_value arg_separator.output &

IndexIgnore *

[Guest davedavenport]

You can modify your .htaccess file so that folder contents cannot be viewed.

This is what my .htaccess file contains (the second line prevents folder contents from being listed):

php_value arg_separator.output &

IndexIgnore *

Brilliant worked a treat! Estelle your a star.

[Guest estelle]

Estelle your a star.

The very meaning of my name! LOL :sleep:

[exiladler]

Thanks, hope this makes it more diffcult for anyone hacking the shop.

[Guest]

If you can't or don't know how to do a .htaccess file, you can simply create a file called index.html, add it to that directory and don't put anything it.

OR, you can do as I have and put this in it:

<html>

<head>

<title>What do you think you're lookin for?</title>

</head>

<body>

<h1 align="center">What do you think you're lookin for?</h1>



<h1 align="center"><a href="/">Here's the real site.</a></h1>

</body>

</html>

[Guest fsecchi]

Thank you very much estelle that worked a treat, I do have another little query regarding security. I am not sure you may be able to help.

The downloadable files I have are set in a folder and I would like to secure that folder. I used to offer them for free whilst testing and I did not secure the path. I know it is simple I just change the folder name but unfortunately that is not an option. The manner in which the operation is setup does not consent me to change the name. Is adding an .htaccess and option or is there another way that does not interfer with the cart.

Thanks again

[Guest groovejuice]

@fsecchi the key to protecting your download directory is to put in at the same root level as your html directory, rather than inside it. CC hides the location when sending a download link to the customer. Here is a link to a great tutorial on the topic by markscarts.

[Guest fsecchi]

Thank you for the reply but unfortunately that was not the question I had asked. I know that the script hides the download path to the file but if i type

http://www.thebuchanan.com/**/samplefile.pdf I am able to see the file without problem. This is the action I am trying to eliminate. I may have misphrased my last post and apologise for any confusion.

[Guest aikdo]

im not sure if you password protected the folder using a .htaccess i think i have seen that PHP can still access the files and so can still pass it through in the intended way...

my suggestion Try it ;)

[Guest groovejuice]

Your path to the download folder shows it is inside your html folder. If you read the tutorial you'll see how to place it outside that folder, where it cannot be accessed through a browser.

[Guest estelle]

I know it is simple I just change the folder name but unfortunately that is not an option. The manner in which the operation is setup does not consent me to change the name.

So it sounds like you cannot do the method that groovejuice is suggesting.

I agree with aikdo - password protect the folder using .htaccess, and see if this works with the CubeCart PHP download script.

[Guest fsecchi]

I gave it a go - added both .htaccess and a .htpasswd file to the directory. I requested the .htaccess to only protect the individual files in the directory and seems to have worked fine.

The files are secure from browser access and CC has no problem in accessing them and allowing them for download.

Thank you very much