...

View Full Version : They can see my files



php_stud
04-06-2004, 01:57 AM
Guys, sorry, i know i should've posted this in apache forums but peeps here very active and helpful to beginners...

anyway, i change my httpd.conf <Controls who can get stuff from this server.> Allow from All

...well good.. but now, they can see the contents of my folders.. and everything.. how can i prevent users from seeing my files...

thanks.

Benno
04-06-2004, 09:33 AM
Hi There

I don't know if this can help you :thumbsup:

In your root dir, create 3 index files.

index.html
index.htm
index.php

if this dosen't help try to look in you're conf file for the line containing : DirectoryIndex index.html index.html.var, this is the default setting, and shows that index.html is the default webpage that the browser would open, but if it dosen't exist it will list the dir instead.

But try to create those 3 index files, i think that could help you out or edit the conf, with the Directoryindex line, should look like this the

DirectoryIndex index.php index.html index.htm

Hope i works, i'm still new in apache only tried it out for 2 days now :D


Regards



Benno

php_stud
04-06-2004, 10:27 AM
Tnx., actually things are ok.... they can see my site.. and load by default "index.htm" ... but the thing is... ofcourse there are lots of folders in a site... i mean, users can navigate my site by typing like this..

http://site/ ... OK no problem, the index file is loaded, but users who wanted to view the content of my site do this..

http://site/images/ .... boom.. all the files are listed, i try doing this to other web sites.. and they give a prompt: <HTTP 403> "You are not authorized to view this page."

WELL how can i enforce this security in my site...?? thanks anywy.. it's really hard when ur a beginner...

Benno
04-06-2004, 10:42 AM
You can put a index file in every folder, that can then redirect to the error page or you can create you own error page like Access Denied, no entry granted or make a redirect to the front end of your webpage.

I'm always putting a index. php, index.html, index.htm in every folder i have, it's easy and quick.
just copy them to every folder and you are done. :thumbsup:

BR

Benno

Sorry for my bad English I'm Danish :cool:

raf
04-06-2004, 11:24 AM
I think you better solve this by disabeling directory browsing
http://www.google.be/search?q=apache+directory+browsing+prevent&ie=UTF-8&oe=UTF-8&hl=nl&meta=

bcarl314
04-06-2004, 12:59 PM
I think this line is what's causing you problems (in your httpd.conf)



Options Indexes FollowSymLinks MultiViews


Delete the 'Indexes' and you should get the same 403 error.

(btw - The title reminded me of the now famous "I see dead people" line :D )

dniwebdesign
04-07-2004, 06:37 AM
You can use .htaccess to restrict directory viewing.

php_stud
04-12-2004, 12:50 AM
thanks a lot guys... !!!



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum