Welcome to WebmasterWorld Guest from 18.206.16.123

Forum Moderators: Ocean10000 & phranque

Message Too Old, No Replies

SSI what is a secure way to do this?

     
2:59 pm on Nov 14, 2003 (gmt 0)

New User

10+ Year Member

joined:Oct 15, 2003
posts:28
votes: 0


Hi forum,

i wrote some html files which are served with some SSI templates. My server root is /var/www/ and i copied these SSI templates to /var/www/include.

This wasnīt a good idea. Everybody with for example the HTTrack Website Copier can download the include templates. Also it is possible to show the directory with [mywebsite.com...]

Can i put these files for example in /home/user1/include and only Apache can access this directory and loading the SSI templates?

What must be done that a index.html can access and load SSI templates from /home/user1/include?

My Apache is running under www-data:www-data.
/var/www belongs to user1:www-data.

I tried it with google but couldnīt find a solution. Also a site like diveintomark.org stores its SSI templates under /var/www/include. So it canīt be wrong. But in my case i donīt want this if possible.

Thanks in advance
Markus

2:40 am on Nov 15, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Markus,

I think that any file that is accessible via HTTP will be... accessible via HTTP. There's no good way to 'hide' things on the Web, short of password-protecting them.

You might want to look into blocking undesirable user-agents from your site using mod_rewrite and Key_Master's bad-bot script [webmasterworld.com].

Jim

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members