\http://www.echodev.com/tutorials/misc/htaccess/

\http://www.newbie.org/gazette/xxaxx/xprmnt03.html

If I password protect a dir like that then nobody can see the pages in it, right? How can I stop access to a dir that doesnt have an index.html page in it...you know how it lists the contents of the folder and then you can pick and choose which one to steal.

To ban an IP add to your .htaccess file:

deny from xxx.xxx.xxx.xxx

where xxx.xxx.xxx.xxx is a full or partial IP address.

To keep the Index of/ from being displayed:
you can do it by adding the following statement to your .htaccess file, you only need one in your root, unless you have different rules per directory then you can put an .htaccess in the directory you want it to apply the rule to.

eg.

DirectoryIndex index.html index.htm /directory/path/error.html

For a request where no page is specified, the above statement in your .htaccess file would cause the server to look for and display index.html, if it does not exist then it would look for and display index.htm, and if it does not exist it would display error.html from /directory/path, if none of those exist then you will get the directory listing displayed.

You nailed it right on the head there, Air...Thanks a million, zillion, billion times....takes a load off my back. I took the line as you wrote it and pointed it to the Apache Guardian script so it automatically emails me when someone tries to get the Index of/. Awesome...now I can sleep knowing that my cloaked pages are tucked in extra secure now.;):);)

You can also prevent a directory listing with

Options -Indexes

Also check that .htaccess is not publicy viewable.

If yourdomain.com/.htaccess displays the contents of .htaccess you can prevent it by adding

<Files .htaccess>
deny from all
</Files>

Thanks Air and Gorufu. Saw this post and will take your advice also.

Brian

Yesireee...I really like this forum. It's nice to be able to get real answers to problems without agonizing through ANOTHER 4" manual on some droll computer subject. Since I'm from the "Land of the Hanging Chad" (formerly known as Floriduh), well, we aint real smart down here. I needs all the hep I kin git. Thanks yall:)

If you can change file/folder permissions on your server, you can also turn off world "read" access to your web directories.

Browsers will still be able to display files within the directory via specific links, but trying to view the directory contents gives a "Forbidden" error.

See what I mean:
[absak.com...] (forbidden... no index file in the directory)
vs.
[absak.com...] (redirects to parent frames... but still accesses the page)

You can get more information about specific servers from vendors. For Apache, that's [apache.org...]