how to protect without root access?

Forum Moderators: phranque

Message Too Old, No Replies

how to protect without root access?

jake66

8:36 am on Aug 2, 2006 (gmt 0)

i am currently on <snip> linux hosting and (as far as i know) i do not have access to insert files into the root (outside of the publically accessible folders)

so what does one do with writable cache folders and htpasswd files?

sure, you can password-protect them... but even the htpasswd files are in the public directory.

this is only my second time switching hosts and my previous host allowed access beyond public_html

slightly offtopic: why doesn't <snip> allow users to do this by default? surely you cannot damage other hostee accounts anymore than flooding the sql server, so why not offer users this extra layer of protection? (or do they already and i'm just missing something)

[edited by: physics at 3:48 pm (utc) on Aug. 2, 2006]
[edit reason]
[1][edit reason] snipped host specifics [/edit] [/edit][/1]

coopster

12:40 pm on Aug 2, 2006 (gmt 0)

Who knows. I've done some work on these types of server setups too. It is less than ideal but there are some workarounds. This discussion details an option for you:
at my wit's end with .htaccess protecting directory [webmasterworld.com]

RonPK

3:11 pm on Aug 2, 2006 (gmt 0)

About the .htpasswd file: surely that cannot be retrieved over the web? Decently configured servers should return an error 403 forbidden.

In httpd.conf:

<FilesMatch "^\.ht"> 
  Order allow,deny 
  Deny from all 
</FilesMatch>

Blocks any request to a file starting with .ht

jake66

6:42 pm on Aug 2, 2006 (gmt 0)

yes of course it throws a forbidden response.. but i'm more concerned about the writable folders accessible to the world... is there something fancy i can put in the folder (or even the main htaccess) to keep people out of them?