Posted by GarethAtFlignet on 01/22/08 08:08

On Jan 22, 6:47 am, B <bilalallaw...@gmail.com> wrote:
> Hi,
>
> I am using mkdir to create a directory and upload files to it.
> Unfortunately the folder is accessible via the url to any user, which
> is creating problems. How can I manage permissions with mkdir so the
> folder is not availabe via the url path
>
> thanks :)

Lots of options, here are a couple:

1. why not make the folder outside the webroot?

for example, if your webroot maps to /home/joebloggs/mywebsite on
your server, instead of making the directory under (e.g. /home/
joebloggs/mywebsite/myuploadir), put outside the webroot (e.g. /home/
joebloggs/myuploadir). PHP will still be able to get the files but
they will no longer be accesible via a URL.

You'll probably need to modify the file permissions of the parent
directory to ensure your script can create the upload directory in the
new location.

2. When you create the directory, also create a small .htaccess file
in the same directory with contents something like this:

<Directory "/home/joebloggs/mywebsite/myuploadir">
<FilesMatch ".doc|.gif">
Deny from all
</FilesMatch>
</Directory>

[Back to original message]