How can I prevent someone from browsing a folder?

Forum Moderators: phranque

Message Too Old, No Replies

How can I prevent someone from browsing a folder?

icedowl

2:37 am on Oct 19, 2007 (gmt 0)

I've seen on a couple of occasions where someone has browsed the folder where my web pages reside. The log entry shows "www.example.com/folder/?N=A" as the referrer. A normal page view is in the form of "www.example.com/folder/webpage.html".

I don't like this but I've no idea how to stop it. :(

I've done some searching and reading already for a solution but have come up empty handed. Maybe I just don't know how to find what I'm looking for.

jdMorgan

3:11 am on Oct 19, 2007 (gmt 0)

In .htaccess


Options -Indexes

This will result in a 403-Forbidden response unless the directory contains an index page as defined by the DirectoryIndex directive located in that .htaccess file, a higher-level .htaccess file, or the httpd.conf or conf.d server configuration files.

Jim

icedowl

4:09 am on Oct 19, 2007 (gmt 0)

Thank you! That works perfectly.

g1smd

3:25 pm on Oct 19, 2007 (gmt 0)

The 403 response still shows that the folder does exist.

I use this alternative code to return a "404 Not Found" response:

RewriteRule ^that-folder$ /this.file.does.not.exist [L]

It then looks like there is no folder of that name on server.