Drupal 8 Private Path Configuration Process – Working and tested!
For example a very important Drupal Module „Backup & Migrate“ requires setting up this private path.
- Place folder outside Drupal Installation and not accessible from web.
- Change folder permissions to 0766
- Place .htaccess inside this folder with this content:
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
Options None
Options +FollowSymLinks
Deny from all
# Set the catch-all handler to prevent scripts from being executed.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
# Override the handler again if we're run later in the evaluation list.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
# If we know how to do it safely, disable the PHP engine entirely.
php_flag engine off - Add absolute server path to the settings.php
- Most important “Clear All Caches” in “/admin/config/development/performance”
Tested and working on Drupal 8.1.1 and 8.1.2 on Linux/Apache Server.
Full official Documentation: https://www.drupal.org/SA-CORE-2013-003