Hi Marco,

I put a htaccess file with 'Deny from all' added to the last line, into /tmp as explained (Drupal 6)

It was an empty directory. Then I ran the Status report. I see the Temporary files directory----not fully protected.

So I'm wondering if I've placed 'Deny from all' on the wrong line in the htaccess file?

Nothing else appears strange.

Howard

On 6 December 2013 06:29, M. Fioretti <mfioretti@nexaima.net> wrote:

Greetings,

I'm almost finished (fingers crossed) to update a website I manage to
drupal 7.24

Everything seems OK and I've already updated the .htaccess files in
sites/*/files/ as explained in

https://drupal.org/SA-CORE-2013-003

The only thing I'm not sure about is where that page says:

Additionally, the .htaccess of the temporary files directory and
private files directory (if used) should include this command:

Deny from all

my temporary files directory as shown in
/admin/config/media/file-system is /tmp (private file system path is
empty). Should I put an ..htaccess in /tmp too???

I believe not, but I'd rather have confirmation.

Thanks!
Marco

--
[ Drupal support list | http://lists.drupal.org/ ]