Commit 8fb46a0d authored by Carsten  Rose's avatar Carsten Rose
Browse files

Manual.rst: add tip how to use .htaccess.

parent e11b5ae6
Pipeline #665 passed with stage
in 1 minute and 31 seconds
......@@ -1274,13 +1274,17 @@ Secure direct file access
-------------------------
If the application uploads files, mostly it's not necessary and often a security issue, to offer a direct download of
the uploaded files. Best is to create a directory, e.g. `<site path>/fileadmin/protected` and deny direct access via webbrowser to it.
E.g. for Apache set a htaccess rule: ::
the uploaded files. Best is to create a directory, e.g. `<site path>/fileadmin/protected` and deny direct access via
webbrowser to it. E.g. for Apache set a rule: ::
<Directory "/var/www/html/fileadmin/protected">
Require all denied
</Directory>
If you only have access to `.htaccess`, create a file `<site path>/fileadmin/protected/.htaccess` with: ::
deny from all
**Important**: all QFQ uploads should then save files in or below such a directory.
To offer download of those files, use the reserved columnname '_download' (see `download`_) or variants.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment