Roundcube Community Forum

Recycle Bin => Recycle Bin => Topic started by: unite07 on December 08, 2006, 06:14:48 PM

Title: .htaccess not protecting my log files or files in temp directory
Post by: unite07 on December 08, 2006, 06:14:48 PM: Can anyone help me. I have installed roundcube in my document root and the app is working very well.

how ever the public is able to browse my directories. it seems if the files are php they are protected by the .htaccess file.
but my log files and temp files are completely public

What is the correct way to install round cube?

can anyone define a apache2 structure for roundcube that is secure?

also is there a way to disable inline images in the message. if they are bigger than my php memory limit roundcube blows up
Title: Re: .htaccess not protecting my log files or files in temp directory
Post by: seansan on December 31, 2006, 05:05:33 AM: I have the .htaccess file set-up in tmp and logs with the following code

Code: [Select]
Order allow,deny Deny from all
furthermore you could maybe do something with mod_rewrite (http://attrition.org/attrition/how-anti-theft.html) against inline images (from outside)
Title: Re: .htaccess not protecting my log files or files in temp directory
Post by: haralder on December 31, 2006, 10:47:48 AM: This is working for me. Any corrections are welcome (I am mixing Directory and Location for historical reasons):

Code: [Select]
<Directory /srv/www/roundcube> <FilesMatch "(\.inc|\~)$|^_"> Order allow,deny Deny from all </FilesMatch> Order deny,allow Allow from all </Directory> <Location /roundcube/temp> Order allow,deny Deny from all </Location> <Location /roundcube/logs> Order allow,deny Deny from all </Location> <Location /roundcube/config> Order allow,deny Deny from all </Location>
I think this (improved/generalized/etc.) should be added to the INSTALLATION document, as it is preferable to htaccess (http://httpd.apache.org/docs/2.0/howto/htaccess.html#when (http://httpd.apache.org/docs/2.0/howto/htaccess.html#when))