Welcome to WebmasterWorld Guest from

Forum Moderators: incrediBILL

Message Too Old, No Replies



4:03 pm on Dec 21, 2000 (gmt 0)

10+ Year Member

Anybody got a good site for .htaccess files? I need to alter mine to block people from viewing my cgi-bin folder and cloaking folders... theres also a few IP I would like to ban from eating expensive bandwidth for no particular reason...;)



5:49 pm on Dec 21, 2000 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member




10:09 pm on Dec 21, 2000 (gmt 0)

10+ Year Member

If I password protect a dir like that then nobody can see the pages in it, right? How can I stop access to a dir that doesnt have an index.html page in it...you know how it lists the contents of the folder and then you can pick and choose which one to steal.


1:51 am on Dec 22, 2000 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

To ban an IP add to your .htaccess file:

deny from xxx.xxx.xxx.xxx

where xxx.xxx.xxx.xxx is a full or partial IP address.

To keep the Index of/ from being displayed:
you can do it by adding the following statement to your .htaccess file, you only need one in your root, unless you have different rules per directory then you can put an .htaccess in the directory you want it to apply the rule to.


DirectoryIndex index.html index.htm /directory/path/error.html

For a request where no page is specified, the above statement in your .htaccess file would cause the server to look for and display index.html, if it does not exist then it would look for and display index.htm, and if it does not exist it would display error.html from /directory/path, if none of those exist then you will get the directory listing displayed.


2:53 am on Dec 22, 2000 (gmt 0)

10+ Year Member

You nailed it right on the head there, Air...Thanks a million, zillion, billion times....takes a load off my back. I took the line as you wrote it and pointed it to the Apache Guardian script so it automatically emails me when someone tries to get the Index of/. Awesome...now I can sleep knowing that my cloaked pages are tucked in extra secure now.;):);)


4:34 am on Dec 22, 2000 (gmt 0)

10+ Year Member

You can also prevent a directory listing with

Options -Indexes

Also check that .htaccess is not publicy viewable.

If yourdomain.com/.htaccess displays the contents of .htaccess you can prevent it by adding

<Files .htaccess>
deny from all


1:25 pm on Dec 22, 2000 (gmt 0)

Thanks Air and Gorufu. Saw this post and will take your advice also.



4:09 pm on Dec 22, 2000 (gmt 0)

10+ Year Member

Yesireee...I really like this forum. It's nice to be able to get real answers to problems without agonizing through ANOTHER 4" manual on some droll computer subject. Since I'm from the "Land of the Hanging Chad" (formerly known as Floriduh), well, we aint real smart down here. I needs all the hep I kin git. Thanks yall:)


2:51 am on Dec 28, 2000 (gmt 0)

WebmasterWorld Senior Member mivox is a WebmasterWorld Top Contributor of All Time 10+ Year Member

If you can change file/folder permissions on your server, you can also turn off world "read" access to your web directories.

Browsers will still be able to display files within the directory via specific links, but trying to view the directory contents gives a "Forbidden" error.

See what I mean:
[absak.com...] (forbidden... no index file in the directory)
[absak.com...] (redirects to parent frames... but still accesses the page)


6:00 pm on Dec 30, 2000 (gmt 0)

10+ Year Member

You can get more information about specific servers from vendors. For Apache, that's [apache.org...]

Featured Threads

Hot Threads This Week

Hot Threads This Month