/mails folder accessible through browser

[Roberto]

I've just typed in http://mydomain.com/mails/en/account.html and the content of the email template is there for all to see.

What's the best way to close it off from public view without stopping PrestaShop from using the templates?

[TropischBruin]

Good question.

This should be in security.

[Roberto]

Ah, good point, can we move our posts after posting or is this something only the forum admin can do?

[hieloiceberg]

MMM......... basically you can open anything like for example:

http://www.prestashop.com/demo/modules/blockmyaccount/blockmyaccount.tpl

[Skipper]

Untested :

order allow,deny
deny from all

in a .htaccess file just below the shops root directory, e.g. the /modules directory.

[Roberto]

Thanks Skipper I'll give that a go!

[TropischBruin]

Thanks Skipper I'll give that a go!

Did it work?

[msk69]

seems okay.. just gave it a go... not fully tested.

[Paul C]

You can also set the permissions, depending on what you php user will put up with. As an extreme you can try setting them to 600 - this should prevent anyone but the owner from accessing them - some servers who have php running as a group member may need 660.

Paul

[ObsessionO]

Untested :

order allow,deny
deny from all

in a .htaccess file just below the shops root directory, e.g. the /modules directory.

This works too well. Eg. If you put it on it will stop access to the files, but it will also stop access to your store pages. I do agree that those pages need to be protected for privacy sake. Will this issue be addressed in future versions?