Author Topic: writable directories under the web root directory (Read 2329 times)

dank · « **on:** July 04, 2012, 07:59:51 pm »

Hi,

I am always very nervous about having apache writable directories under web root, and feng is configured with 4:

1) cache
2) config
3) upload
4) public/files

Can I change config files to point these to a directory outside of the public_html directory? I would help me sleep at night ;-)

Many thanks,
Dan

dank · « **Reply #1 on:** July 12, 2012, 04:59:44 pm »

Hi guys, i'm not having a dig - feng is brilliant, but this is a big security concern i have.

Any advice would be appreciated - I really don't want cached private emails to be under web root for the world to see and hack....

Many thanks.

conrado · « **Reply #2 on:** July 24, 2012, 03:54:24 pm »

Hi Dan.

There are two things that should be done on a Community Edition installation (we do this for all Feng Sky and Feng Onsite installations).

Both have to do with Apache .htaccess settings

1. Prevent directory listing:

Code: [Select]

Options -Indexes
2. Prevent direct files access:

Code: [Select]

<Files ~ "\.inc$">
	Order allow,deny
	Deny from all
</Files>

Thanks for bringing this topic up!

Feng Forum

News:

Author Topic: writable directories under the web root directory (Read 2329 times)

dank

writable directories under the web root directory

dank

Re: writable directories under the web root directory

conrado

Re: writable directories under the web root directory