Forum Topic: Double Protecting Uploads Directory
A couple of questions related to doing this, this is the rule I saw months ago at Perishable Press:
#Secure uploads directory <Files ~ ".*\..*"> Order Allow,Deny Deny from all </Files> <FilesMatch "\.(jpg|JPG|jpeg|jpe|gif|png|tif|tiff|zip|mp3|mov)$"> Order Deny,Allow Allow from all </FilesMatch>
This only allows the mentioned file types in the directory, so:
1. According to htaccess nature, it applies automatically to all subdirectories as well is that correct (no need to define in individual subdirs)?
2. Adding this to the base htaccess file will help, or it is not necesary when previous one is declared?
#Server Rewrite Protect Files <IfModule mod_rewrite.c> RewriteEngine On #Disable PHP in Uploads RewriteRule ^(.*)/uploads/(.*).php(.?) - [F] </IfModule>
1 Reply to “Double Protecting Uploads Directory”
When in doubt, test. According to my tests .htaccess cascading functionality applies even to the uploads directory. So no need for double protection.