[EN] Securing private directory
It's very important to isolate the private directory from your visitors. In this guide you can learn how to do it.
First of all, if you have .htaccess files enabled, the private directory might be already blocked. Test it to find out.
If not, follow these instructions. Note that they were made for Ubuntu; file locations might differ on other systems.
You should have a .conf file in your /etc/apache2/sites-available/ folder (mine was named 000-default.conf). Open it in your favorite editor.
Add the following code inside of the <VirtualHost> block. Remember to adjust the absolute path if needed!
    <Directory /var/www/html/private>
        # Apache 2.4 syntax. On Apache 2.2 use "Order deny,allow" and "Deny from all" instead.
        Require all denied
    </Directory>
Save and exit.
On Ubuntu you can run sudo service apache2 restart. If you get any errors, you probably screwed up the configuration file.
Now test if everything is working.
Find your site file. By default it's /etc/nginx/sites-available/default. Open it in your favorite editor.
Add the following code inside of the server block. Remember to adjust the relative path if needed!
    location ^~ /private {
        deny all;
    }
Save and exit.
On Ubuntu you can run sudo service nginx restart. If you get any errors, you probably screwed up the configuration file.
Now test if everything is working.
We don't have much experience with IIS, but this config was reported to work:

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
      <system.webServer>
        <rewrite>
          <rules>
            <rule name="Disable-Folder" stopProcessing="true">
              <match url="private\/(.+)" />
              <action type="CustomResponse" statusCode="403" subStatusCode="0" statusReason="Forbidden" statusDescription="Access Is Forbidden." />
            </rule>
          </rules>
        </rewrite>
      </system.webServer>
    </configuration>
Use Google
You should not be able to access these URLs; you should see the error page instead.
(Replace example.com with your TS-website address.)
- example.com/private/ (root private dir)
- example.com/private/dbconfig.php (file)
- example.com/private/php (directory)
- example.com/private/php/load.php (file inside of directory)
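The four checks above can be scripted so they are easy to repeat after every server or config change. This is an added example, not part of the TS-website project: the function names are hypothetical, it assumes curl is installed, and it assumes the error page is served with status 403 or 404. Redirects are not followed, so a 3xx answer or a failed request is reported as a failure to investigate.

```sh
#!/bin/sh
# Added example: verify that nothing under /private is served to visitors.
# Assumption: "blocked" means the server answers 403 or 404.

# The paths listed in the test section of this page.
PRIVATE_PATHS="/private/ /private/dbconfig.php /private/php /private/php/load.php"

# Print the HTTP status code for a URL (curl prints 000 if no response arrived).
fetch_status() {
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$1" || true
}

# Return 0 if the status code means the resource is blocked, 1 otherwise.
is_blocked() {
    case "$1" in
        403|404) return 0 ;;
        *)       return 1 ;;
    esac
}

# Check every private path under a base URL.
# Returns non-zero if any path is reachable or the result is inconclusive.
check_private() {
    base=${1%/}          # strip one trailing slash from the base URL
    failed=0
    for path in $PRIVATE_PATHS; do
        status=$(fetch_status "$base$path")
        if is_blocked "$status"; then
            echo "OK    $status  $base$path"
        else
            echo "FAIL  $status  $base$path"
            failed=1
        fi
    done
    return "$failed"
}

# Run only when a base URL is given, e.g.: sh check_private.sh https://example.com
if [ "$#" -gt 0 ]; then
    check_private "$1"
fi
```

Any FAIL line for dbconfig.php deserves immediate attention, since that file holds the database configuration.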
TS-Website Wiki | German Translation by derrobin154 | Polish Translation by toster234 | Czech Translation by flw55 | Hungarian Translation by Aqua22