<<< Back to the TFU FAQ

TFU flash upload faq image 5. Can I use a .htaccess file (basic authentication) to protect the web page where the flash is?

The answer is: Yes - if you loosen the restrictions a little bit - If you don't then it works for some browsers and for some not. But you can simply disable the protection for the files in the tfu folder.

If you get a 401 error you normally have authentication somewhere. If the 401 is reported by the flash its enough to turn off authentication for one file. Create a .htaccess file in the TFU directory (in JFU: administrator/components/com_joomla_flash_uploader/tfu/) and put the following code in it:

<Files "tfu_upload.php">
Allow From All
Satisfy Any

If you cannot even upload a file and you get asked for a password every time you have to disable the basic authentication for the whole folder. This not a security problem because all files in this folders are protected already. Create a .htaccess file in the TFU directory (in JFU: administrator/components/com_joomla_flash_uploader/tfu/; Since JFU 2.11: administrator/components/com_jfuploader/tfu/) and put the following code in it:

  Allow From All
  Satisfy Any

For JFUploader users: Sometimes users do protect the administration additionally with a basic authentification with .htaccess. If this is the case you can do excactly what I have written above. But you also can move the tfu folder to the site. This can simply be done in the configuration of JFUploader -> Config -> Move folder 'tfu' -> Move to site. There is no security risk involved by this because all files in this folder are protected anyway. That it is not there by default has only historical reasons.


Follow TWG at

Like TWG on Facebook