Hi, Recently I discovered in my website, that there is a severe lack of security on the folders below the root.
This surprised me because my server connects all have Security Restrict applied, and all by Client Pages have Security Provider applied, as per the wappler recommendations. So to find that my web folders are still exposed, is not so good.
This means that files that I upload via my new File Upload page, are completely exposed, which is unacceptable. Note, my website exists on a web host so there is no chance of changing settings on the web server.
I have seen Teodor’s, and others, recommendation to restrict access to the folders by modifying the .htaccess file with the lines…
deny from all
or
RewriteRule ._files. / [NC,F]
or
Order allow,deny
So the questions are…
-
Do these lines in .htaccess protect the root and all files below the root?
-
What are the merits of each of those lines?
-
Do any of them protect against ALL forms of access to the files, not just through a web browser?
-
How does this technique compare to DigitalOcean’s S3 or AWS’s S3?
I have just read reviews about DO’s S3 and AWS’s S3, DO seems more attractive and easier to understand. But DO glaringly omits any claims about security.
- Therefore, is strong security a feature of DO’s S3?
Your thoughts?
Last updated: