New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How can i forbid downloading a file from my server
Abdessamad
Member
Hello,
I have a file in a website in my server and i want to know how to forbid downloading this file from cpanel or ftp
I have Centos 6 with cpanel installed
Hope you can help me
Thank you in advance,
Comments
Don't put it on the server.
You beat me to it.
Precisely.
Apache config, file permissions... I am guessing though what you want is something like a config file? The best way to deal with sensitive files like that is to keep them outside your public_html folder.
Put it in a folder and make a .htaccess file?
keep it out of the public_html by either dropping it in email folder or home.
also you can change permission to the file.
password the folder
just saying
Or set password protected folder
.... or explain what you actually want to do.
Move it somewhere out of your public_html folder?
1) Do not upload the file to the server if you don't want it to be download.
2) If you have already uploaded it delete it from the server.
3) Set the proper permission for the file if you really want to keep it on the server (something like 700 or 600).
4) Move it outside any public folder (public_html, www, htdocs or whatever there is).
5) Block access to the file with a proper .htaccess rule or a deny block for the file in your vHost configuration if you are using Nginx other/other web servers.
6) Put a password on the file with .htaccess and .htpasswd so no one can download it as they don't have the username/password.
Basically I've thrown everything together that was already mentioned. I would recommend 1 or 3 & 4 if you really have to keep the file on your server.
You know in cPanel the sites content goes into a folder called "public_html". The home path however is /home/username in which you can find a lot of folders and the public_html folder. The home path is not accessable over the Internet (only over the cPanel File Manager and FTP/SSH if your host offers that).
Hello,
thanks for your help
i want to keep all files in public_html and forbid downloading theses files
People are asking what your end goal is, what type of files are you trying to hide? Config files? You can use .htaccess to forbid file access with mod_rewrite (should be no issue on most cPanel hosts).
i have some files (txt, php, html, jpg...) in a directory
some people have access to ftp and cpanel and i want to forbid them to download these files even if they use ftp or cpanel
please forgive my bad english
kindda hard if you share your cpanel w/ someone else. unless you are on reseller or whm so you can create separate cpanel account for each person.
I don't use cpanel at all, but couldn't this also be done with standard file permissions? For example set the files to only be readable by owner (600).
^
Is useless when you share the cPanel account with other people because it's the same login = same owner.
WHMCS reseller would be useful here so everyone would have his/her own space instead of one shared where everyone has access to everything.
In .htaccess:
Remove extra spaces. Forum doesn't like that apparently.
Useless for ftp.
Just change the permissions on the file so it's not readable or executable or writable. That's the easiest way
^ That won't protect the file from someone else with FTP access who still can download it or simply change the chmod.
if nginx, there is a module secure link
Indeed. It didn't occur to me that people would be sharing logins. @Abdessamad you can't protect files from people that have the same login as you. Either don't put the files there in the first place, or give everyone on separate logins.
You could do this, assuming
fileis the file you want protected:chmod 000 file && sudo chattr +i fileThis makes the file so that only root can access the file in any way, including changing it's file permissions.
AFAIK, cpanel either isn't run under root or knows how to
chattr, so it will be unreadable for both ftp and cpanel.^ Impossible for him as he is just a simple client. Moreover it woul lock himself out of the people who are allowed to access the file because as you said "only root can access the file".
Oops, missed the FTP part. Yeah, won't help.
I got the feeling from this bit of his post "I have Centos 6 with cpanel installed" that he has a VPS with cPanel installed. He may have root access.
Well, why in the name of his administrative access would be store the files in this specific shared folder? If he has his root rights I doubt it would be hard to find a solution. He could easily seperate accounts and so on. For me it just sounds like he is hosted on shared hosting with CentOS 6 as the host OS and cPanel as the control panel. I see no other reason why he would open this topic if he has root access and full access to cPanel. Makes no sense...
Change file permission and set read access to 0