Folder permission configuration for online uploads and forbidden direct access - 403 error

0
votes

We are trying to create a form for our users where they can upload images to our site. Lets say that we are uploading all the images to the folder images/uploads.

If the permissions for this folder are set to

777,

it works perfectly well as all the permissions are granted. But if someone types on the browser: mydomain.com/images/uploads, any intruder can have access to all the files uploaded.

If we change the permissions to

711

now it is forbidden (403 error) for intruders to access directly to mydomain.com/images/uploads but our users can no longer upload files as we get a php error "Permissions denied"

What is the best configuration for this case?

1
phpfile-uploadpermissionshttp-status-code-403
Going by this I would guess 722, but I'm no linux expert.vascowhite

1 Answers

4
votes

You can use .htaccess to prevent access directory listing 

 Options -Indexes

You can also use this to prevent image hot linking 

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.mydomain.com/angryman.gif [R,L]