Welcome to Maxi-Pedia Forum. Maxi-Pedia discussion forum is a free community inviting you to express your ideas and discuss various topics with other contributors.

December 06, 2024, 06:10:30 am *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
 
   Home   Help Search Login Register  
Most Recent Posts:
Pages: [1]
  Print  
Author
Topic: 

.htaccess file for read only access

 (Read 31611 times)
steven
Full Member
***
Posts: 223


« on: November 10, 2008, 11:37:40 am »

I am running this website, and i'd like to configure my .htaccess file so that whoever tried to hack into my website has only read-only (no write) access to particular folders or directories. How can I accomplish that?
Logged
Maxi-Pedia Forum
« on: November 10, 2008, 11:37:40 am »

 Logged
atari
Full Member
***
Posts: 121


« Reply #1 on: November 10, 2008, 11:52:57 am »

I can't really remember any parameter that you could include in your .htaccess to tell the server to treat a folder as read-only. You probably have to do that on the OS level.
Logged
mod
Moderator
*****
Posts: 525


« Reply #2 on: November 10, 2008, 12:03:26 pm »

I am running this website, and i'd like to configure my .htaccess file so that whoever tried to hack into my website has only read-only (no write) access to particular folders or directories. How can I accomplish that?

It is a very good idea to set read-only access to certain folders and files. Although you can't do this in your .htaccess, you can do it at the OS level.

It's especially important that you set permissions on your configuration files and files that include connection settings as read-only.

For Unix/Linux systems use the default .htaccess as supplied and then set the directory permisisons to 755 and file permissions to 644, or in some cases 444.

If you cannot do this with your FTP software, try using the File Manager supplied with your webhosting account.

For Windows server systems, simply set the file as "Read-Only" for "Everyone" and especially the IUSR_xxxxx (Internet Guest Account) user if running IIS, or the "System" account or "apache user" if running Apache.
Logged
steven
Full Member
***
Posts: 223


« Reply #3 on: November 10, 2008, 12:04:42 pm »

Thanks for your advice. What is chmod and how do I use it?
Logged
mismas
Jr. Member
**
Posts: 60


« Reply #4 on: November 10, 2008, 12:13:00 pm »

I am running this website, and i'd like to configure my .htaccess file so that whoever tried to hack into my website has only read-only (no write) access to particular folders or directories. How can I accomplish that?

Yeah, setting your folders and files to read-only is a very good practice. Usually, during initial installation, you are advised to set for example your images folder to read/write, so that you can use the Admin interface to upload images without having to use FTP for each one. Similar recommendations are made to other files for various reasons.

However, leaving the images (or ANY other) folder in read/write mode means that hackers "might" be able to put malicious files in this (or other) folder and thus create access points from which to attempt nasty exploits.

Thus, once your site is built and your images have been created/loaded, you should drop the security down from read/write to read. ie: change from CHMOD 777 down to 644. On Linux/Unix hosts, generally, permission-setting recommendations for basic security are: - folders/directories: 755 - files: 644
Logged
mod
Moderator
*****
Posts: 525


« Reply #5 on: November 10, 2008, 12:17:33 pm »

Thanks for your advice. What is chmod and how do I use it?

CHMOD is a command to alter security permissions in Unix/Linux. The syntax is

chmod XXX file/folder

The first X is user permissions, second X is group rights, the third one is permissions of others.

Every X can have value from 0 to 7.

0 = no access
1 = execute
2 = write
4 = read

Add the numbers up to come to your desired permissions level.
 
Example: I want to change permissions to file.txt, so that I:

have all permissions (1 + 2 + 4 = 7)
group can read and write (4 + 2 = 6)
others nothing (0 = 0)

The command will look like chmod 760 file.txt

You can do this for your website folders and files.
Logged
atari
Full Member
***
Posts: 121


« Reply #6 on: November 10, 2008, 12:20:55 pm »

By the way,

Quote
Options -Indexes

is used to not show directory listings for URLs which map to a directory. Another level of security..

Cheers!
Logged
Maxi-Pedia Forum
   

 Logged
Pages: [1]
  Print  
 
Jump to:  

Page created in 0.082 seconds with 23 queries. (Pretty URLs adds 0.001s, 0q)