I have a web application. It's back-end is in PHP. There are some directories inside the application. Some of the directory has index.php file. The Problem is when I am trying to route users to other .html pages in the same directory it's working fine. Now one of the directory has index.php file and in the link I have given the relative path to the folder (So by default it is loading index.php file in that directory from Desktop,Labtop etc) but it is not loading that page when I try to run the same from any mobile browser. After Inspection I realized that I can see somefolder/index.php in the address bar while in mobile it is just till the somefolder i.e it is not trying to load index.php file due to which I get "Not Found" 404 error
You have to set your DirectoryIndex correctly. When calling the directory from an web accessible URL without any file name, it tries to access your DirectoryIndex file, per default it is called index.php, index.html, index.htm, index.cgi etc.. This depends also on your platform. Different systems have different default DirectoryIndex configurations. If those index file does not exist, you should see the directory listing in the web browser, even if the web server user has the rights to list the content of the current directory (special bit under Linux/UNIX and maybe protected by advanced kernel security applications like selinux or AppArmor).
What happens, if you try to access the folder directly without any file name from an desktop browser? Will you get there the HTML output of index.php?
Related
I uploaded my website from my UAT/Test domain to EC2 AWS. Before everything was fine, but now only home page opens.
And if I try to navigate to any other links I can't, it gives following error
The requested URL /page/company was not found on this server.
But when I insert index.php in between it works fine.
Any ideas?
Please enable mod_rewrite module in your server and rewrite index.php in htaccess file.
Please check your file premissions
I believe the issue could be DirectoryIndex which apache (not positive that is what you are using as web server) uses to direct the user to a specific file if a directory is selected in the URL.
This can be set in your apache config if you have access, or in a .htaccess file if you only have access to the your webspace itself.
http://www.htaccess-guide.com/directoryindex-uses/
Basically with DirectoryIndex you can tell apache to automatically use index.php, or index.html, or really whatever file you want to be used when no file in a directory is given in the URL.
I am working on a CI Application.
Now I Have a folder in my project called base_ini, in which I have some config files. I want to secure this file, so no can can view its content directly from browser.
So I tried this two ways:
Put an index.html saying that Directory access is forbidden.
I put a .htaccess file in that folder with Deny from all
If I pass this in URl : www.example.com/base_ini I do get proper error message.
But still if from browser I pass this path www.example.com/base_ini/default.ini then I can view its content.
How can I stop this access?
Put below line in your htaccess file and put that file at www.example.com/base_ini/ (path)
Options -Indexes
I have a joomla website.
In my public_html where Joomla is installed, I have a directory named "logs-list".
When I go to the address http://example.com/logs-list/file.txt, I expect the file to be shown, but instead APACHE redirects to index.php, it assumes as if this is a request for Joomla. This has confused me. What should I do?
UPDATE
how I can tell in .htaccess to stick to the physical directory for a certain URL?
So I'm on a 15-day trial of my (already paid) webhosting and they seem very good, at least they did until I got my FTP.
I have a php script that needs a folder outside of the root directory
Example:
website root:
/users/websites/public_html/ <- folder which users / browsers have access to
The script needs a folder here:
/users/websites/ <- above the root
for example /users/websites/sensetive_data/ <- browsers cannot acces this
but that's impossible on my web-host "because it's a shared hosting" <- their answer. And they can't change the root path.
So I cannot create any directories or files above /users/websites/public_html/
So, well, to no cancel my trial immediately, maybe I will try to do it in another way, I want to use htacces to restrict acces to a directory, and all the files in it and it's subdirectories,
So I can move the 'sensetive_data' folder to /users/websites/public_html/sensetive_data
I want it to redirect to the main page (so when accessing /users/websites/public_html/sensetive_data/* [http://example.com/sensetive_data/*] it will go to /users/websites/public_html/ [http://example.com/],
so even if the user knows the exact url, he/she will be redirected. How can I accomplish that?
If you want to do a redirect for a folder, say /users/websites/sensitive_data/
create a file in that folder called .htaccess and add the following (and specify the url to redirect to)
Options -Indexes
ErrorDocument 403 http://mysite.net/
In /users/websites/sensetive_data/.htaccess write:
Deny From All
For your whatever PHP script you need to change it yourself.
Is it possible to hide a folder from the www directory so that the php files will not be seen if you access it through a web browser?
I'm doing this because I'm not yet good enough to secure those files and the mysql database that they are manipulating.
Or even a trick that would make the web browser not to be able to access the localhost is fine. Please
If you have a directory and you don't want Apache being able to serve any file that's in it, you can create a .htaccess file in that directory, containing :
Deny from all
This will make sure Apache refuses serving any file from that directory -- but they will still be accessible by PHP scripts running from another directory or from the command-line.
If you want Apache to be able to serve the files, but not list the content of the directory when a user accesses that directory without any filename in the URL, you can use this in your .htaccess file :
Options -Indexes
This will disable listing of files inside the directory that contains the .htaccess file -- but will not prevent Apache from serving the files themselves.
Just put the files outside of the document root and include them from there.
A very simple trick if you don't have Apache, hence no access to .htaccess (that sounds like I'm repeating myself), just create a file index.htm or index.html containing NOTHING. Any attempt to access that folder will just show a blank page.