Drupal 8 Private Path Configuration

Drupal 8 Private Path Configuration Process – Working and tested!

For example a very important Drupal Module „Backup & Migrate“ requires setting up this private path.

  1. Place folder outside Drupal Installation and not accessible from web.
  2. Change folder permissions to 0766
  3. Place .htaccess inside this folder with this content:
    SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
    Options None
    Options +FollowSymLinks
    Deny from all
    # Set the catch-all handler to prevent scripts from being executed.
    SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
    # Override the handler again if we're run later in the evaluation list.
    SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
    # If we know how to do it safely, disable the PHP engine entirely.
    php_flag engine off
  4. Add absolute server path to the settings.php
  5. Most important “Clear All Caches” in “/admin/config/development/performance”

Tested and working on Drupal 8.1.1 and 8.1.2 on Linux/Apache Server.

Full official Documentation: https://www.drupal.org/SA-CORE-2013-003

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht.