Reputation: 14992
Allow safe FTP upload
I'd like to allow my friend to upload some photos for me over FTP to my server (shared host). It's a trusted friend but I'd still like to block the execution of any php or similar scripts etc.
How can I use .htaccess (in a directory above the one I allow FTP to acces) to block everything except a list of approved extensions (images) and disallow htaccess (to prevent any further modifications)?
Does such method still have security risks?
Thanks!
Upvotes: 0
Views: 1353
Answers (1)
Reputation: 4844
You should be able to use
<FilesMatch ".+">
Order Deny,Allow
Deny From All
Allow From localhost # OR WHATEVER HERE
</FilesMatch>
<FilesMatch "\.(jpg|gif|stuff)$">
Order Deny,Allow
Allow From All
</FilesMatch>
EDIT
For preventing further modifications to htaccess, you need to set filesystem permissions accordingly (aka OS dependent), since you are most likely to give your friend full FTP access (including delete/overwrite/append).
Upvotes: 1
Related Questions
- Secure PHP file uploading
- FTP Server doesn't allow me to upload .htaccess file
- Does RewriteRule on htaccess file affect FTP?
- Editing .htaccess without FTP access through Wordpress
- Access FTP via HTTP?
- How can prevent user from uploading php files with ftp?
- .htaccess - Deny all except one folder
- Making PHP file upload secure with htaccess
- Public_html file permissions
- How to upload .htaccess file using ftp