We have a bunch of client files sitting in a "uploads" folder on our Apache-based site. Although the directory itself is NOT browseable (403 forbidden - Directory Listing not allowed) ... the client has become concerned that the files themselves might be compromised somehow, .. or indexed by search engines.
Is there any way that we can apply special .htaccess rules to that uploads folder so that the files contained within it can only be downloaded using a PHP script (or something like that)? We're just looking for a way to secure those files somehow -- without having to reprogram the site so that the file uploads are stored and served up from outside the site root. Please advise.
For the most safety, move the directory outside of the WWW root. But that said, if your server returns a 403 forbidden to browsers, you are also returning a 403 forbidden to search engines. No compromise
Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat. The purpose of this eBook is to educate the reader about ransomware attacks.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…