Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

securing an uploads directory, any tips?

Discussion in 'General Discussion' started by verdon, Jul 29, 2004.

  1. verdon

    verdon Well-Known Member

    Nov 1, 2003
    Likes Received:
    Trophy Points:
    Northern Ontario, Canada
    cPanel Access Level:
    Root Administrator
    Hi :)

    Some background... I had to set up an easy means for clients to send us files on an occasional basis that are too large to e-mail. Nothing too extreme, 10-50MB or so. It also needed to assume that the bulk of these people won't have ftp clients and/or the inclination to use one (ya, I know...) Anywise, there's lots of ways to do this but the one I've settled on is to just use limited ftp access and users, and provide a web-based ftp interface for those that don't know what ftp is. I set up a sub-domain '' and created a '/files/clientname/' dir structure. I found a perl app that I like to provide the web interface. It uses Net::FTP module and runs as compiled c app. I am pretty confident in this and everything seems to be working the way it is supposed to.

    I'd like to further protect the top-level home dir I have for these ftp users (/home/mydomain/public_html/uploads/files/ -R) in order to prevent anything from executing from these dirs. Is my best approach to set the mod on the dir somehow, or to handle all restrictions in apache.conf for the sub-domain, or both I'm guessing. Is it possible to allow a dir to be listed, yet prevent anything from executing in it? I'm thinking that after that, I would still have to disallow php from executing in this sub-domain with some form of directive?

    I'd appreciate any thoughts from people with more *nix knowledge than me. Ultimately, I'm not too worried that my particular users are going to be malicious, but I'd like to be fairly comfortable that an executable and/or script put there via ftp couldn't be executed or run.


    WHM 9.4.0 cPanel 9.4.1-S65**
    RedHat 8.0 - WHM X v3.1.0*

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice