File permissions on shared hosts
I wrote a script that takes the order summary and stores it in an XML file, except I don't want people to be able to open the XML file in their browser, obviously.
I am hosted on a very dodgy shared server with limited capabilities: no SSH for starters.
Is there a place where I can put this file so that PHP can still read / write, but web browsers cannot get to it?
I used to create a folder outside of the document root and put it there, but when I try to do this, I get an "Allow Denied" message.
The following folders are available:
- anon_ftp
- Ben
- cert
- CGI-BIN
- conf
- error_docs
- etc.
- httpdocs
- httpsdocs
- P.D.
- private
- statistics
- subdomains
- web_users
PHP cannot access the file when it is in the folder private
. Is this possible with .htaccess?
source to share
You can create a directory containing a file .htaccess
that looks something like this:
Deny from all
This will instruct Apache not to serve files in that directory; any attempts to access the directory or its contents will be performed with a "403 Forbidden" response from the server.
Note. ... It depends on what the host has not removed Limit
from the list of options in its directive AllowOverride
; most shared hosts shouldn't have a reason to do so.
source to share