TechQA.

Prevent user from accessing the uploaded file

368 views Asked by At

I have a module which enable user to upload photos to a certain path like

domain/media/img/uploadedFiles/

I would like to user can upload photo to this location but he cannot reach the uploaded photo by writing

domain.com/media/img/uploadedFiles/filename

I have achieved not to list the files in that path by using .htaccess file but If user knows the name of the uploaded file he can still reach that file.

Thanks

.htaccess file-upload file-security
Original Q&A
1

There are 1 answers

0
Jason Grimes On BEST ANSWER

Assuming you're using Apache, you can block access to files in .htaccess too. For example:

<Files private.html>
  Order allow,deny
  Deny from all
</Files>

To prevent users from accessing any files in the directory, try putting an .htaccess file containing this inside the directory, which sets the default state to deny:

Order Allow,Deny

For more examples of specifying what resources you want to protect, see http://httpd.apache.org/docs/2.2/sections.html

See http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html for more information on access control with Apache.

Related Questions in .HTACCESS

Related Questions in FILE-UPLOAD

Related Questions in FILE-SECURITY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions