Website Security

Don't put private files in your web space

In general, you should not use your personal web space for sharing files privately; Nextcloud, SharePoint and OneDrive are all more secure options.

Restricting access using the .htaccess file

.htaccess files can be used to restrict access to files via the web server - see Restricting Access to Webpages with .htaccess for some examples.

However, be aware that .htaccess rules only apply to requests made through the web server; they do not prevent other Maths users from accessing the files via the filesystem.

Restricting access using file permissions

For the web server to display your site, the files in your public_html/ folder must allow read access to "other" (i.e. everybody), and the directories must allow "execute" permission. So the only way you can prevent other users from directly accessing your files is to (1) use unguessable filenames, and (2) set the Unix permissions to disable directory listings (chmod o-r directory/) so they can't easily discover the filenames.

Avoid symlinks

Do not create a symlink from your public_html/ directory back to your home directory or to any other location. While the web server is configured to try to prevent access to these locations, you risk accidentally giving access to something sensitive. Instead, move/copy the files into public_html/.
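
The following script is an added example, not part of the original page. It checks a public_html/ tree against the permission and symlink rules above; the function name audit_public_html and the output labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit a public_html tree against the rules on this page.
# audit_public_html and the output labels are names made up for this example.

audit_public_html() {
    root="${1:-$HOME/public_html}"
    if [ ! -d "$root" ]; then
        echo "audit_public_html: $root is not a directory" >&2
        return 2
    fi
    # find does not follow symlinks by default, so a link back to the home
    # directory is reported once and never descended into.
    findings=$(
        # Symlinks: the target may expose something outside public_html/.
        find "$root" -type l -exec printf 'SYMLINK %s\n' {} \;
        # Directories with o+r (004): other local users can list the filenames.
        find "$root" -type d -perm -004 -exec printf 'LISTABLE %s\n' {} \;
        # Directories without o+x (001): the web server cannot enter them.
        find "$root" -type d ! -perm -001 -exec printf 'NO_TRAVERSE %s\n' {} \;
        # Files without o+r (004): the web server cannot read them.
        find "$root" -type f ! -perm -004 -exec printf 'UNREADABLE %s\n' {} \;
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_public_html "$1"
fi
```

Save it under any name and run it with your public_html/ path as the argument; the exit status is 1 when anything is reported and 0 when the tree is clean.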

Last updated on 10 Apr 2025, 1:47pm. Please contact us with feedback and comments about this page.