homepage Welcome to WebmasterWorld Guest from 54.237.249.10
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / HTML
Forum Library, Charter, Moderators: incrediBILL

HTML Forum

    

BoneHeadicus




msg:633514
 4:03 pm on Dec 21, 2000 (gmt 0)

Anybody got a good site for .htaccess files? I need to alter mine to block people from viewing my cgi-bin folder and cloaking folders... theres also a few IP I would like to ban from eating expensive bandwidth for no particular reason...;)

Related:
[webmasterworld.com...]

 

stcrim




msg:633515
 5:49 pm on Dec 21, 2000 (gmt 0)
\http://www.echodev.com/tutorials/misc/htaccess/

\http://www.newbie.org/gazette/xxaxx/xprmnt03.html

BoneHeadicus




msg:633516
 10:09 pm on Dec 21, 2000 (gmt 0)

If I password protect a dir like that then nobody can see the pages in it, right? How can I stop access to a dir that doesnt have an index.html page in it...you know how it lists the contents of the folder and then you can pick and choose which one to steal.

Air




msg:633517
 1:51 am on Dec 22, 2000 (gmt 0)

To ban an IP add to your .htaccess file:

deny from xxx.xxx.xxx.xxx

where xxx.xxx.xxx.xxx is a full or partial IP address.

To keep the Index of/ from being displayed:
you can do it by adding the following statement to your .htaccess file, you only need one in your root, unless you have different rules per directory then you can put an .htaccess in the directory you want it to apply the rule to.

eg.

DirectoryIndex index.html index.htm /directory/path/error.html

For a request where no page is specified, the above statement in your .htaccess file would cause the server to look for and display index.html, if it does not exist then it would look for and display index.htm, and if it does not exist it would display error.html from /directory/path, if none of those exist then you will get the directory listing displayed.

BoneHeadicus




msg:633518
 2:53 am on Dec 22, 2000 (gmt 0)

You nailed it right on the head there, Air...Thanks a million, zillion, billion times....takes a load off my back. I took the line as you wrote it and pointed it to the Apache Guardian script so it automatically emails me when someone tries to get the Index of/. Awesome...now I can sleep knowing that my cloaked pages are tucked in extra secure now.;):);)

Gorufu




msg:633519
 4:34 am on Dec 22, 2000 (gmt 0)

You can also prevent a directory listing with

Options -Indexes

Also check that .htaccess is not publicy viewable.

If yourdomain.com/.htaccess displays the contents of .htaccess you can prevent it by adding

<Files .htaccess>
deny from all
</Files>

GWJ




msg:633520
 1:25 pm on Dec 22, 2000 (gmt 0)

Thanks Air and Gorufu. Saw this post and will take your advice also.

Brian

BoneHeadicus




msg:633521
 4:09 pm on Dec 22, 2000 (gmt 0)

Yesireee...I really like this forum. It's nice to be able to get real answers to problems without agonizing through ANOTHER 4" manual on some droll computer subject. Since I'm from the "Land of the Hanging Chad" (formerly known as Floriduh), well, we aint real smart down here. I needs all the hep I kin git. Thanks yall:)

mivox




msg:633522
 2:51 am on Dec 28, 2000 (gmt 0)

If you can change file/folder permissions on your server, you can also turn off world "read" access to your web directories.

Browsers will still be able to display files within the directory via specific links, but trying to view the directory contents gives a "Forbidden" error.

See what I mean:
[absak.com...] (forbidden... no index file in the directory)
vs.
[absak.com...] (redirects to parent frames... but still accesses the page)

gmiller




msg:633523
 6:00 pm on Dec 30, 2000 (gmt 0)

You can get more information about specific servers from vendors. For Apache, that's [apache.org...]

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / HTML
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved