[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 143
  • Last Modified:

Restrict access to upload folder

We have noticed a few attempts at uploading files to an upload folder on one of our websites.

The permissions are 777 as we use ckeditor as a html editor, therefore the client needs to upload files.

Are we able to put the following htaccess file in this directory to limit uploads to the clients static ip address?

Any other solutions would be welcomed.
order allow deny
deny from all
allow from <your_IP>

Open in new window

0
Cheryl Lander
Asked:
Cheryl Lander
1 Solution
 
mega666Commented:
if it's a LINUX hosting - YES you can put a .htaccess file to allow the IP's to upload

OR - if that would work for your clients - you can just set up a FTP for them which would have the "UPLOAD" folder as their "home" folder, so when they connect to the FTP - it goes straight to the UPLOAD fiolder and they cannot browse anywhere else.
0
 
Cheryl LanderAuthor Commented:
hi mega 666.

The "OR" option doesn't really fit in with the question.

We are trying to avoid people hacking / uploading files into the website.

So does the .htaccess file still work with our question?
its a cms system where uploads are managed via a web interface, not using ftp.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now