Forum Moderators: bakedjake
We recently switched over from a IIS server to an Apache Unix server (to avoid hacker vulnerabilities).
So now I need to learn some of the different ways of doing things in UNIX...
On our old Windows Administration Console, I could turn off Directory Listing. But I can't find that option on our Web host's Unix Admin Console.
I don't want people to see my directory structure in their browser when accessing a subdirectory which doesn't have an index.htm file.
Can you lend me some help here?
Also, if you have any resources or websites to suggest to help me in learning more about the Unix platform, I'd be most grateful.
Sincerely,
Gene
Options -Indexes
Now a 403 error will be returned instead.
Options +FollowSymlinks
<Files .htaccess>
deny from all
</Files>
The first option turns on symbolic links, which may help. The next line prevents anyone from seeing what is in your .htaccess file. You can add additional files here as you see fit.
While you are at it, you may also want to ban a number of user agents (see www.webmasterworld.com/forum23/2125.htm) and/or create a bad-bot trap (see www.webmasterworld.com/forum13/1823.htm).
I'm not sure how useful it is to burden you .htaccess file with a bazillion bad UA's, as many spammers/scrapers/etc. are now resorting to faking UA's. Thus, a bot trap might be your best bet in terms of keeping the bad guys out.
I simplified the task on my server using a PERL script called Guardian by Fluid Dynamics Software. This script comes with a nice installer (no prior knowledge required) and the author gives great support.
By hiding a fictional URL on each page of my site, web-suckers and e-mail scrapers are identified and sent to the 403 purgatory via .htaccess. 24 hours later, I use a CRON job to recycle the .htaccess file and unban the previously banned IPs.
Stickymail me if you have further questions. Cheers!
