Clever Geek Handbook

File permissions on shared hosts

I wrote a script that takes the order summary and stores it in an XML file, except I don't want people to be able to open the XML file in their browser, obviously.

I am hosted on a very dodgy shared server with limited capabilities: no SSH for starters.

Is there a place where I can put this file so that PHP can still read / write, but web browsers cannot get to it?

I used to create a folder outside of the document root and put it there, but when I try to do this, I get an "Allow Denied" message.

The following folders are available:

  • anon_ftp
  • Ben
  • cert
  • CGI-BIN
  • conf
  • error_docs
  • etc.
  • httpdocs
  • httpsdocs
  • P.D.
  • private
  • statistics
  • subdomains
  • web_users

PHP cannot access the file when it is in the folder private

. Is this possible with .htaccess?

+1


source to share


3 answers


I worked around this by putting the XML file in the httpdocs folder, but added a .htaccess file with this in it:



<Files ~ "myfile.xml">
    Order allow,deny
    Deny from all
</Files>
+1


source


You can create a directory containing a file .htaccess

that looks something like this:

Deny from all


This will instruct Apache not to serve files in that directory; any attempts to access the directory or its contents will be performed with a "403 Forbidden" response from the server.

Note. ... It depends on what the host has not removed Limit

from the list of options in its directive AllowOverride

; most shared hosts shouldn't have a reason to do so.

+5


source


Could you please ask your sharing provider to create a folder for you for the external web root folder? I have certainly done this in the past.

0


source






More articles:


All Articles