This is my problem, I have a index.php which is my login form. I will explain my problem so it should not be complicated to understand.
I have a main folder inside it is I have a folder named templates and index.php so this is what it would look like
Main Folder
class(folder)
templates(folder)
home.php
index.php
How can I make the templates folder unreachable so when any user types www.anysite.com/mainfolder/templates, the user can't see my templates folder or user cannot see my directory, or the user will be redirected to my Error Site.
Create a file named .htaccess in the folder with this content:
deny from all
try this in htaccess
<Files *>
Deny from all
</Files>
Create a .htaccess file and paste Redirect /mainfolder/ error-folder/403.php
Related
I have the following folder structure:
+users
-adduser.php
-viewuser.php
When a visitor navigates to example.com/users it's showing the folder structure. I need to restrict visitors ability to see the file listing, either by hiding it or removing it. How can I do that in php?
If you don't want to (or can't) deal with Apache configuration, create an empty file named index.html (or index.php if you prefer) in your users folder.
You can create a .htaccess file on root folder with following;
RewriteEngine on
Redirect 301 /users http://www.example.com/404.html
Then you just need to create 404.html in your website and change example.com with your domain.
Now your /users path will redirect to 404.html.
You can add the following to your Apache virtual host file:
<Directory "path_to_folder">
Options -Indexes
</Directory>
The above rule will disallow directory listing. It was suggested in this post: Using .htaccess, prevent users from accessing resource directories, and yet allow the sourcecode access resources
I'm trying to prevent access images folder on my the website with .htaccess
here is my folder
http://192.168.1.55/onlineshop/images/
if .htaccess file is not working than you can add index.html file in your folder with content of forbidden access, while anyone open's that url than index.html file will run. So your folder is prevent from direct use.
Hope this will helps you.
create .htaccess file in images folder
i.e
http://192.168.1.55/onlineshop/images/.htaccess
and add below code in .htaccess file
Deny from all
Create .htaccess in that folder with the following content.
Deny from all
Please i need your help with my website (testing stage).
I have a file system of this nature...
www (root)
{
school { //main project folder
images //images folder
uploads //user uploads folder
JavaScripts //JS folder
CSS // css folder
includes //includes folder
index.php
contactus.php
aboutus.php
register.php
} //main project folder
} //www folder
how can i prevent users from browsing through my folder system when they do somrthing like these:
http://127.0.0.1/school/css
http://127.0.0.1/school/images
http://127.0.0.1/school/includes
http://127.0.0.1/school/uploads
http://127.0.0.1/school/javascripts
Thnaks for your help....
See the following article on how to disable direct directory browsing
Specifically, search for Options Indexes in your .htaccess file. If one does not exist, add the following line to your .htaccess:
Options -Indexes
Directory browsing should not be available.
More methods are available at the article above.
You could also put an empty php or html file called index.php or index.html in every folder.
The users will be unable to browse those directories.
Create an .htaccess file to the directory you don't want to be navigated via url input..
and inside the file, put this line:
Deny from all
that's all.. enjoy..
and for security purposes use this lines instead:
Options -Indexes
I am building a website on localhost for now. My files are in the www folder.
Directly inside www, I have the index.php and more php pages.
I have also some folder like pictures/ which contains pictures submitted by users; css/ with all the css files; js/ width all the js files and includes/ with some PHP files
My problem is that when I input in the browser localhost/pictures, I see the list of all my pictures. Same thing for localhost/css , localhsot/js or localhost/includes. You have the list of all my file. and it means it could be easy for a robot to download all my files , except the PHP files (which, for some reason, are not downloaded properly : PHP code is not accessible).
Is there a way to prevent access to the main directory for the users ? I thought about writing an index.php file inside www/pictures that redirects to the index.php of www. I don't know anything about best practice in term of structure/organization of folder for a website.
Thanks
Sol 1 :
you can put a .htaccess file in that folder that contains just:
deny from all
That way you cannot open any file from that folder, but you can include them in php without any problems.
Sol 2 :
# disable directory browsing
Options All -Indexes
You can force Apache to show a forbidden message when someone tries to browse your indexes by placing a .htaccess file inside all of the directories you wish to prevent browsing.
Inside your .htaccess, add the following:
# disable directory browsing
Options All -Indexes
Similarly, you can create a robots.txt file inside your web root, and add the following:
User-agent: *
Disallow: /pictures/
Disallow: /css/
Disallow: /js/
Disallow: /includes/
You should of course be aware of the SEO implications of prevent robot access to your images.
Add below code to your .htaccess to your main project folder
# disable directory browsing
Options All -Indexes
Put user specific data in a folder outside of your web root.
Please i need your help with my website (testing stage).
I have a file system of this nature...
www (root)
{
school { //main project folder
images //images folder
uploads //user uploads folder
JavaScripts //JS folder
CSS // css folder
includes //includes folder
index.php
contactus.php
aboutus.php
register.php
} //main project folder
} //www folder
how can i prevent users from browsing through my folder system when they do somrthing like these:
http://127.0.0.1/school/css
http://127.0.0.1/school/images
http://127.0.0.1/school/includes
http://127.0.0.1/school/uploads
http://127.0.0.1/school/javascripts
Thnaks for your help....
See the following article on how to disable direct directory browsing
Specifically, search for Options Indexes in your .htaccess file. If one does not exist, add the following line to your .htaccess:
Options -Indexes
Directory browsing should not be available.
More methods are available at the article above.
You could also put an empty php or html file called index.php or index.html in every folder.
The users will be unable to browse those directories.
Create an .htaccess file to the directory you don't want to be navigated via url input..
and inside the file, put this line:
Deny from all
that's all.. enjoy..
and for security purposes use this lines instead:
Options -Indexes