Regular Coders
Stop people browsing directories...
I have several websites hosted with my provider, they are all uploaded into different subfolders and are all working fine;
the problem I have is that all my files can be browsed very easily.
e.g.
If someone goes to
http://www.mywebsitexxxxxx.com it calls the index.php file which is fine
but if someone goes to
http://www.mywebsitexxxxxx.com/images
they will then see the entire directory.
Is there anyway to stop this?
Junior Coders
Put a dummy index.html file in that directory with a message that directory is restricted and/or put a redirect link back to whatever page you want.
i.e.
<body>
This directory is restricted.
<meta http-equiv="refresh" content="0; URL=http://www.xxxxx.zzz">
</body>
where content="0; is the seconds before the redirect is appplied.
With a zero, it is an immediate redirect.
Last edited by lprag; 06-27-2007 at 03:25 PM. Reason: added some info
Regular Coders
I have hundreds of directories so I don't fancy doing that.
Is there any other way?
e.g. create a .htaccess file that controls all the subfolders?
The Guy That Moderates
Yes, you could do it with htaccess, but I believe you would still have to place this file within all the directories you want protected. Also, not sure exactly how you would do it. Anyways, hope this helps.
"Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music." - Kristian Wilson, Nintendo, Inc, 1989
TheUnlimitedHost | The Testing Site | Southern Utah Web Hosting and Design
Junior Coders
If you have cpanel access you can protect your directories from there with little effort. Just click on the directory you want to protect and create a password. Then your directory is protected.
Regular Coders
thetestingsite isn't right, .htaccess options for a directory work recursively, that is affect subdirectories too.
like
will affect all subdirectories in /users/jc_gmk/www effectively giving 403 error when trying to list themCode:<Directory /users/jc_gmk/www> Options -Indexes </Directory>
Global Moderator
1. Index files.
2. .htaccess
Those are the two methods I know about. I'd suggest the code from ItsMeOnly.
Also, I think this has to do with server configuration, so you might be able to do it a bit below .htaccess if you want, but .htaccess is probably the easiest way.
I think what you are referring to here is that you can password protect an entire directory. This is true, but not what the original poster was asking. S/he wants to not allow the directory's contents to be listed when someone visits the directory without an index page, but still be able to view files in the folder. /images should not be viewable, but /images/1.jpg should be viewable.If you have cpanel access you can protect your directories from there with little effort. Just click on the directory you want to protect and create a password. Then your directory is protected.
Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum
Posting Permissions
Reply With Quote
Bookmarks