TOPIC: Protect uploads folder from access

Greetings,

I read the faq and looked for instructions on this with no luck.

I want to make use of .htaccess to ensure that access to files is not allowed unless it comes from the link from the component with the encoded transaction ID.

Where are the instructions on how to do this please?

Thank you kindly,
paz

Dear Paz,

Upon installation the extension adds a .htaccess with content

deny from all

to the uploads folder to ensure no one is able to directly access the files. Is that file missing on your website?

Thanks!

Thanks for the quick response. No that file was not there, but i have created it now.

So do I assume that your download script will somehow include the file rather than use URI access to the file? That sounds pretty good.

One question then. Can I move this folder outside of my webroot then? PHP should have access anywhere through include, so I could place this elsewhere in my home directory.

Thank you
p.

Hi Paz,

Yes of course, it's never using real path to file. You don't have to worry about anything now I am pretty sure

Thanks!

thanks!

I'm experiencing the same problem - folder is fully accessible from outside and no htaccess. Moreover, I looked into distribution archive and there're only 2 lines concerning this in admin/class.php file:


So there's only a check out there, but nothing's being created on install.

Can you give us instructions on how to make uploads folder accessible only from com_quicksell component?