Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


How can i forbid downloading a file from my server
New on LowEndTalk? Please Register and read our Community Rules.

How can i forbid downloading a file from my server

AbdessamadAbdessamad Member
edited May 2014 in Help

Hello,

I have a file in a website in my server and i want to know how to forbid downloading this file from cpanel or ftp

I have Centos 6 with cpanel installed

Hope you can help me

Thank you in advance,

Comments

  • petrispetris Member

    @black said:
    Don't put it on the server.

    You beat me to it.

  • nerouxneroux Member

    @black said:
    Don't put it on the server.

    Precisely.

  • Apache config, file permissions... I am guessing though what you want is something like a config file? The best way to deal with sensitive files like that is to keep them outside your public_html folder.

    My personal blog and website | Freelance web developer & programmer. HTML/CSS/PHP/JS (Clientside & Serverside)/C# and more

    Installing Observium on Debian

  • Put it in a folder and make a .htaccess file?

  • keep it out of the public_html by either dropping it in email folder or home.

    also you can change permission to the file.

    password the folder

    just saying

    i was about to laugh but now am thinking of laughing

  • namhuynamhuy Member

    Or set password protected folder

  • nerouxneroux Member

    .... or explain what you actually want to do.

    1. Remove it from the server
    2. Remove it again
    3. Double check if you have removed it.
    4. Take a cup of tea and enjoy having the file secured.
    Thanked by 2M66B netomx
  • sc754sc754 Member

    @Abdessamad said:
    Hello,

    I have a file in a website in my server and i want to know how to forbid downloading this file from cpanel or ftp

    I have Centos 6 with cpanel installed

    Hope you can help me

    Thank you in advance,

    Move it somewhere out of your public_html folder?

  • edited May 2014

    1) Do not upload the file to the server if you don't want it to be download.
    2) If you have already uploaded it delete it from the server.
    3) Set the proper permission for the file if you really want to keep it on the server (something like 700 or 600).
    4) Move it outside any public folder (public_html, www, htdocs or whatever there is).
    5) Block access to the file with a proper .htaccess rule or a deny block for the file in your vHost configuration if you are using Nginx other/other web servers.
    6) Put a password on the file with .htaccess and .htpasswd so no one can download it as they don't have the username/password.

    Basically I've thrown everything together that was already mentioned. I would recommend 1 or 3 & 4 if you really have to keep the file on your server.

    @sc754 said:
    Move it somewhere out of your public_html folder?

    You know in cPanel the sites content goes into a folder called "public_html". The home path however is /home/username in which you can find a lot of folders and the public_html folder. The home path is not accessable over the Internet (only over the cPanel File Manager and FTP/SSH if your host offers that).

    Ein Hoffnungsschimmer, den es nie hätte geben sollen.

  • GaNiGaNi Member
    edited May 2014

    Thanked by 1netomx
  • Hello,

    thanks for your help

    i want to keep all files in public_html and forbid downloading theses files

  • People are asking what your end goal is, what type of files are you trying to hide? Config files? You can use .htaccess to forbid file access with mod_rewrite (should be no issue on most cPanel hosts).

    My personal blog and website | Freelance web developer & programmer. HTML/CSS/PHP/JS (Clientside & Serverside)/C# and more

    Installing Observium on Debian

  • i have some files (txt, php, html, jpg...) in a directory

    some people have access to ftp and cpanel and i want to forbid them to download these files even if they use ftp or cpanel

    please forgive my bad english

  • namhuynamhuy Member

    kindda hard if you share your cpanel w/ someone else. unless you are on reseller or whm so you can create separate cpanel account for each person.

  • I don't use cpanel at all, but couldn't this also be done with standard file permissions? For example set the files to only be readable by owner (600).

    Be seeing you.

  • ^
    Is useless when you share the cPanel account with other people because it's the same login = same owner.

    WHMCS reseller would be useful here so everyone would have his/her own space instead of one shared where everyone has access to everything.

    Thanked by 1netomx

    Ein Hoffnungsschimmer, den es nie hätte geben sollen.

  • jarjar Provider
    edited May 2014

    In .htaccess:

    < FilesMatch filename>
    Deny from all
    < /FilesMatch>
    

    Remove extra spaces. Forum doesn't like that apparently.

    "Note that Romania has laws agains all the illegal activities just like US, including copyright. Is not the Dracula's country or no man's land as you thought." - Random email from someone I don't know, about nothing I've done or said

  • @jarland said:
    In .htaccess:

    > < FilesMatch filename>
    > Deny from all
    > < /FilesMatch>
    > 

    Remove extra spaces. Forum doesn't like that apparently.

    Useless for ftp.

    C, Bash, Perl, Python, PHP, and JS hobbyist. VPS collector. Blog

  • Just change the permissions on the file so it's not readable or executable or writable. That's the easiest way

    AcclaimedHost - Cheap VPS, Dedis, and Incredible Shared/Reseller Accounts

  • ^ That won't protect the file from someone else with FTP access who still can download it or simply change the chmod.

    Ein Hoffnungsschimmer, den es nie hätte geben sollen.

  • jcalebjcaleb Member

    if nginx, there is a module secure link

  • NekoShiinachan said: ^ Is useless when you share the cPanel account with other people because it's the same login = same owner.

    Indeed. It didn't occur to me that people would be sharing logins. @Abdessamad you can't protect files from people that have the same login as you. Either don't put the files there in the first place, or give everyone on separate logins.

    Be seeing you.

  • AzureVPSAzureVPS Member
    edited May 2014

    You could do this, assuming file is the file you want protected: chmod 000 file && sudo chattr +i file

    This makes the file so that only root can access the file in any way, including changing it's file permissions.

    AFAIK, cpanel either isn't run under root or knows how to chattr, so it will be unreadable for both ftp and cpanel.

    https://azurevps.com | Fast SSD-Cached VPSs | 20% off first invoice: LETSAVE20 | Sorry, no relation with Windows Azure

  • ^ Impossible for him as he is just a simple client. Moreover it woul lock himself out of the people who are allowed to access the file because as you said "only root can access the file".

    Ein Hoffnungsschimmer, den es nie hätte geben sollen.

  • jarjar Provider

    @joelgm said:
    Useless for ftp.

    Oops, missed the FTP part. Yeah, won't help.

    "Note that Romania has laws agains all the illegal activities just like US, including copyright. Is not the Dracula's country or no man's land as you thought." - Random email from someone I don't know, about nothing I've done or said

  • @NekoShiinachan said:
    ^ Impossible for him as he is just a simple client. Moreover it woul lock himself out of the people who are allowed to access the file because as you said "only root can access the file".

    I got the feeling from this bit of his post "I have Centos 6 with cpanel installed" that he has a VPS with cPanel installed. He may have root access.

    Favourite host in general: Ramnode (affiliate link)
    Favourite host for hourly billing/custom ISOs: Vultr ($50 free credit for new accounts, affiliate link)

  • Well, why in the name of his administrative access would be store the files in this specific shared folder? If he has his root rights I doubt it would be hard to find a solution. He could easily seperate accounts and so on. For me it just sounds like he is hosted on shared hosting with CentOS 6 as the host OS and cPanel as the control panel. I see no other reason why he would open this topic if he has root access and full access to cPanel. Makes no sense...

    Ein Hoffnungsschimmer, den es nie hätte geben sollen.

  • Change file permission and set read access to 0

Sign In or Register to comment.