I am working on a CI Application.
Now I Have a folder in my project called base_ini, in which I have some config files. I want to secure this file, so no can can view its content directly from browser.
So I tried this two ways:
Put an index.html saying that Directory access is forbidden.
I put a .htaccess file in that folder with Deny from all
If I pass this in URl : www.example.com/base_ini I do get proper error message.
But still if from browser I pass this path www.example.com/base_ini/default.ini then I can view its content.
How can I stop this access?
Put below line in your htaccess file and put that file at www.example.com/base_ini/ (path)
Options -Indexes
Related
I have a directory called "db_interface". In this directory there are all the files .php that allow me to retrieve data from my database. If someone try to search one of this file in the searchbar of chrome or firefox, he can access to all of this content. I've tried to put in this directory an .htaccess file with
deny from all
and it worked. But if I want to use this files to provide the login or to do some ajax call, I have the same 403 error handled by the .htaccess.
In a nutshell I want be able to use this file only if is another page to call them and not if is an user using chrome or firefox searchbar.
Thanks to all
Update your .htaccess file in db_interface with following code.
It will prevent all the files from the direct access, but you can include all those prevented files in another independent file, and make d :
order deny,allow
deny from all
So I've my images folder, and I protect it with a index.php file with no text or anything. So they can't browse the images. But is this enough as security? I've tried to disable the url with php but without any success. Is there another way of doing this?
One easy way to prevent the directory content from being displayed is to disable directory listing.
Don't place an index file in the directory you like to prevent from public access. Create a .htaccess file add Options -Indexes to it. This would cause a http 403 error when you point to the directory.
Ok so my current sites is on the .htaccess method to block user access to the directory
e.g. http://www.example/_directory/ via Options All -Indexes
Question should I stick with that or is putting an index file e.g. index.php in every directory better? I'm thinking of an index.php that will redirect to the homepage rather than giving users an error 403 page.
Opinions?
It would be clever to build your web site in a way that these subdirectories also have content (e.g. about/ also shows some information, when about/history/ and about/our-company/).
If the directories contain only files, it's IMHO totally fine to just have a 403.
Answers to your questions might be very biased.
If you're on a Unix/Linux server, you don't need to have blank index files at all in your directories. Just create a .htaccess file and put the following code in it:
Code:
Options -Indexes
When anyone tries to access the contents of a directory that doesn't have an index file, they'll get a 403 error.
Ref : http://wildlifedamage.unl.edu/manual/mod/core.html#options
This is the problem:
I have this website with this structure:
php (folder)
css (folder)
js (folder)
index.php
In index.php, I use the include() php function to include the files who are inside the php folder, and I do the same in other files who are inside the php folder.
I have an .htaccess file in the php folder with this content: deny from all, so if I try to access one file in the php folder from the browser, I will get an 403 (Forbidden) error (this is fine)
The problem is that I need to make an Ajax request from a js file (in the js folder), and when I want to do this, I get the same 403 error. I tried to put in .htaccess:
<Files saveComment.php>
allow from all
</Files>
and now it works, but anyone could access the file from the browser and mess with my database (the file save "comments" in the database)
Any help? THANKS!
With your setup I would recommend routing all requests to your index.php file. So instead of saveComment.php you would have /comments/save which in turn internally execute the contents of saveComment.php
The reason for that is because once you set a deny to a directory using .htaccess then it will apply to all sub directories.
I am looking for a way to access a folder in a site that contains index.html or index.php .
But when I remove the index file, when I try to access list of contents from the url, I get
404 page not found
error ;
Is this possible to see contents of a folder with features that I said , if yes why ?
You could enable directory listing in your .htaccess file that you would put in the directory that you want to browse:
Options +Indexes
But the fact that you are getting 404 error might also mean that the directory doesn't exist at all on the server. So make sure it exists and has a .htaccess file inside it allowing directory browsing.