<div dir="ltr"><div><div><div><div><div>Hi Marco,<br><br></div>I put a htaccess file with 'Deny from all' added to the last line, into /tmp as explained (Drupal 6)<br></div>It was an empty directory. Then I ran the Status report. I see the Temporary files directory----not fully protected.<br>
</div>So I'm wondering if I've placedĀ 'Deny from all' on the wrong line in the htaccess file?<br><br></div>Nothing else appears strange.<br><br></div>Howard<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On 6 December 2013 06:29, M. Fioretti <span dir="ltr"><<a href="mailto:mfioretti@nexaima.net" target="_blank">mfioretti@nexaima.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Greetings,<br>
<br>
I'm almost finished (fingers crossed) to update a website I manage to<br>
drupal 7.24<br>
<br>
Everything seems OK and I've already updated the .htaccess files in<br>
sites/*/files/ as explained in<br>
<br>
<a href="https://drupal.org/SA-CORE-2013-003" target="_blank">https://drupal.org/SA-CORE-2013-003</a><br>
<br>
The only thing I'm not sure about is where that page says:<br>
<br>
Additionally, the .htaccess of the temporary files directory and<br>
private files directory (if used) should include this command:<br>
<br>
Deny from all<br>
<br>
my temporary files directory as shown in<br>
/admin/config/media/file-system is /tmp (private file system path is<br>
empty). Should I put an ..htaccess in /tmp too???<br>
<br>
I believe not, but I'd rather have confirmation.<br>
<br>
Thanks!<br>
Marco<br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
--<br>
[ Drupal support list | <a href="http://lists.drupal.org/" target="_blank">http://lists.drupal.org/</a> ]<br>
</font></span></blockquote></div><br></div>