Issue
I have a few PHP scripts that generate word documents into a folder. The PHP scripts are locked down with a login session, however if you know the right URL the documents are accessible.
How do I lock down the directory from being accessible from a url but still maintain read and write access for the PHP scripts? Currently the chmod for the directory is set to 777. Can this be set with the folder permissions?
Solution
You place the documents at the wrong location in your file system.
Do not place the documents inside the document root and you do not have to protect them. There is not need to place them exactly in there. There is no limit to still accessing such documents from php when they are stored elsewhere. So create yourself a folder outside the document root and that's it.
General rule of thumb:
- never place objects inside the document root that are not meant to be accessed directly by web requests.
- documents meant to be offered for download should not be offered directly but by a handler script instead.
Answered By - arkascha Answer Checked By - Katrina (WPSolving Volunteer)