# **SECTION 8 — `/uploads`**

This is small but important:

- Directory placeholder
- `.htaccess` to block listing
- Security notes

This section is small but important for security and structure.
It ensures your ISP automation suite has a safe place for file uploads (firmware, config exports, logs, attachments) without exposing the directory to the public.

This directory contains:

- A placeholder file
- A security `.htaccess` file to block listing and execution
- Notes on permissions

This directory stores uploaded files such as:

- Firmware images
- Config backups
- Customer attachments
- Diagnostic logs

Security:
- Directory listing is disabled
- PHP execution is blocked
- Only specific scripts should write here

Permissions:
- Recommended: chown www-data:www-data
- Recommended: chmod 750

.htaccess
This ensures:
- No one can browse the directory
- No PHP can run inside it
- Only safe file types are accessible

---

# **📌 Recommended permissions**

On your server:

```
sudo chown www-data:www-data /var/www/isp/uploads
sudo chmod 750 /var/www/isp/uploads
```

This prevents unauthorized access while allowing your PHP scripts to write backups, firmware, and logs.