Outside of public_html versus deny from all


I’ve got a script which I’m using in a CRON job that shouldn’t be accessed by anyone except for me. I know that if I put it outside of my public_html folder, nobody on the web can access it. The only downside is that to make it easily accessible in terms of uploading changes, it would have to be in a folder inside my public_html. Can I achieve the same level of security if I add an .htaccess file with “deny from all” in my public_html subfolder that contains the CRON job as if I had it outside the public_html folder?


Well, that would depend upon whether CRON is using an http request. Since I believe it does not, you’ve hit upon a way to hold your script in the webspace (and keep it from being accessed from webspace visitors). Personally, though, I’d setup a special FTP account (with a VERY strong password) to access your account above the DocumentRoot and load the file that way.

Please test your way and report back with your results.



I appreciate the reply! My way does seem to work as well and perhaps can be a viable alternative for those who would like the convenience of uploading with one FTP account. Of course, for the additional layer of security at the cost of a small inconvenience, your suggested approach would be the better of the two.

Thanks again,