As a webmaster of several sites running on complex Content Management System solutions, I have regularly come across the same issue: most CMS systems have some library directories which should be out of the reach of the random web visitor, yet they have to be on the same web-accessible location as the rest of the CMS. To top that, I also have the need to include some other private directories under the web server root, for example a downloads repository, just because PHP open_basedir restrictions won't let me do otherwise. Is all lost, then? Is there no way to keep private directories really private?

Hardly so. All you have to do is use the marvelous Apache .htaccess magic. The easiest way to protect a directory is to put a file named .htaccess inside it, containing only these two lines:

order deny,allow
deny from all

Honestly, that's all there is to it. If a web visitor tries to access this directory, he'll get an HTTP 403 error (access denied). Nice and clean!
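
An added example, not part of the original post: on Apache 2.4 the two lines above are handled by mod_access_compat, and the native form is `Require all denied`. The .htaccess below covers both versions; it assumes the server's AllowOverride setting permits these directives in .htaccess files.

```apache
# .htaccess for a directory that must never be served directly.

# Apache 2.4 and later: mod_authz_core provides the Require directive.
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 2.2: mod_authz_core is absent, so use the older directives.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>

# Assumption: the main server configuration allows overrides here, e.g.
#   AllowOverride AuthConfig Limit
# (AuthConfig covers Require, Limit covers Order/Deny). With
#   AllowOverride None
# this file is ignored and the directory is served as usual.
```

After deploying the file, request something inside the directory and confirm the response is a 403 rather than the file itself.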

Nicholas K. Dionysopoulos

A Mechanical Engineer turned Software Engineer, Nicholas has been active with Open Source Software since the 1990's and Joomla! in particular since it was called Mambo all the way back in 2004. Mostly known as the lead developer of Akeeba software, such as Akeeba Backup and Admin Tools, Nicholas has been a frequent core contributor to Joomla and author of several extensions.
