blocking access to web directory while letting script read files

Forum Moderators: open

Message Too Old, No Replies

blocking access to web directory while letting script read files

Junior Varsity question

skateboard

3:53 pm on Dec 10, 2004 (gmt 0)

I just noticed that if you type:
mypage.com/incs
you get:
Parent Directory 10-Dec-2004 10:47 -
[ ] foo.php 19-Nov-2004 16:29 2k
[ ] bar.php 29-Nov-2004 21:38 2k
[ ] foobar.php 01-Dec-2004 18:01 1k
[ ] barfoo.php 01-Dec-2004 17:53 1k

This does not seem good from a security point of view.

How is this prevented? Index pages in each? CHOWN?

Thanks,

JV manager

dcrombie

4:13 pm on Dec 10, 2004 (gmt 0)

Add this to your httpd.conf or .htaccess file

Options -Indexes

;)

skateboard

6:00 pm on Dec 10, 2004 (gmt 0)

Thanks,
JV tech support (me) wonders where to find httpd.conf or .htaccess files?

;)

Thanks

skateboard

9:31 pm on Dec 10, 2004 (gmt 0)

dcrombie, YOU RULE!
This site is great, and worth every bit of $149 subscription.
Researched .htaccess, created file, uploaded it a few places and Voila! it worked.
Thanks
:)
I'm going to make varsity yet.

kk5st

11:11 pm on Dec 10, 2004 (gmt 0)

It is a good idea to be sure the following is set in httpd.conf or in your .htaccess files;


<Files ~ "\.ht"> 
  Order allow, deny 
  Deny from all 
</Files>

That will prevent the server from delivering the file should someone request it. It also protects such files as .htpasswd.

cheers,

gary