Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Web Development > Subfolder security

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Subfolder security

Reply to Message Icon

Name: xeons
Date: July 21, 2005 at 21:14:12 Pacific
OS: apache
CPU/Ram: 2.5
Comment:

Hello,

Recently i purchased a hosting package. Everything is fine except one factor. If a user try to view www.domain.com/images its showing all the images/files that r in that particular folder which i guess is a draw back. Please help me to set the permissions as forbidden if someone tries to access such subfolders. Please do tell me in details what to do how to do so as to fix this problem. Also tell me will i face any difficulty if i set such fix or stop users accessing sub folders.

Its urgent as i can't upload my site before fixing this (as i sell products users can directly go to subfolder and can download without registering).

PS: I informed my hosting company and all they say is they are still working on.



Sponsored Link
Ads by Google

Response Number 1
Name: Laler
Date: July 21, 2005 at 21:44:09 Pacific
Reply:

the fast & easiest way is to upload an empty index.htm :D

:::::

---
Site of the Day


0

Response Number 2
Name: xeons
Date: July 21, 2005 at 21:53:22 Pacific
Reply:

well that won't be a perfect way of doing as of my knowledge.. Because it should not allow user to access such kind of viewing/usage.. so i prefer setting permission or something similar that way..

Thanks for the suggestion tho


0

Response Number 3
Name: Laler
Date: July 21, 2005 at 22:20:08 Pacific
Reply:

so i prefer setting permission or something similar that way

if you create a restriction rule to /image then you can't use anything in that folder for public pages, even if the page is outside the /image folder.

To disable directory browsing, if your hosting use cPanel then there's a menu called "Index Manager". This is where you can disable directory browsing to any folder.

If the hosting dont use cPanel, examine the menu. Almost all good hostings I know, whether with cPanel, plesk, or their own self-created control panel, will have option to disable directory browsing in a 'user friendly' way.

If no user friendly menu found, you can upload a file called .htaccess to the /image folder, with this line below as the only content:

Options All -Indexes

:::::

Actually, putting an empty index.htm is not uncommon. A lot of CMS use this method to save troubles when dealing with different server settings (there are possibilities like there must be another server-specific line be placed on every .htaccess created, etc)

---
Site of the Day


0

Sponsored Link
Ads by Google
Reply to Message Icon

Related Posts

See More



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Web Development Forum Home


Sponsored links
Ads by Google


Results for: Subfolder security
Guestbook security. www.computing.net/answers/webdevel/guestbook-security/2447.html

Secure sites? www.computing.net/answers/webdevel/secure-sites/386.html

Security Crisis www.computing.net/answers/webdevel/security-crisis/769.html