04-06-2004, 02:57 AM
Guys, sorry, i know i should've posted this in apache forums but peeps here very active and helpful to beginners...
anyway, i change my httpd.conf <Controls who can get stuff from this server.> Allow from All
...well good.. but now, they can see the contents of my folders.. and everything.. how can i prevent users from seeing my files...
04-06-2004, 10:33 AM
I don't know if this can help you :thumbsup:
In your root dir, create 3 index files.
if this dosen't help try to look in you're conf file for the line containing : DirectoryIndex index.html index.html.var, this is the default setting, and shows that index.html is the default webpage that the browser would open, but if it dosen't exist it will list the dir instead.
But try to create those 3 index files, i think that could help you out or edit the conf, with the Directoryindex line, should look like this the
DirectoryIndex index.php index.html index.htm
Hope i works, i'm still new in apache only tried it out for 2 days now :D
04-06-2004, 11:27 AM
Tnx., actually things are ok.... they can see my site.. and load by default "index.htm" ... but the thing is... ofcourse there are lots of folders in a site... i mean, users can navigate my site by typing like this..
http://site/ ... OK no problem, the index file is loaded, but users who wanted to view the content of my site do this..
http://site/images/ .... boom.. all the files are listed, i try doing this to other web sites.. and they give a prompt: <HTTP 403> "You are not authorized to view this page."
WELL how can i enforce this security in my site...?? thanks anywy.. it's really hard when ur a beginner...
04-06-2004, 11:42 AM
You can put a index file in every folder, that can then redirect to the error page or you can create you own error page like Access Denied, no entry granted or make a redirect to the front end of your webpage.
I'm always putting a index. php, index.html, index.htm in every folder i have, it's easy and quick.
just copy them to every folder and you are done. :thumbsup:
Sorry for my bad English I'm Danish :cool:
I think you better solve this by disabeling directory browsing
04-06-2004, 01:59 PM
I think this line is what's causing you problems (in your httpd.conf)
Options Indexes FollowSymLinks MultiViews
Delete the 'Indexes' and you should get the same 403 error.
(btw - The title reminded me of the now famous "I see dead people" line :D )
04-07-2004, 07:37 AM
You can use .htaccess to restrict directory viewing.