I am building a website on localhost for now. My files are in the www folder.
Directly inside www, I have the index.php and more php pages.
I have also some folder like pictures/ which contains pictures submitted by users; css/ with all the css files; js/ width all the js files and includes/ with some PHP files
My problem is that when I input in the browser localhost/pictures, I see the list of all my pictures. Same thing for localhost/css , localhsot/js or localhost/includes. You have the list of all my file. and it means it could be easy for a robot to download all my files , except the PHP files (which, for some reason, are not downloaded properly : PHP code is not accessible).
Is there a way to prevent access to the main directory for the users ? I thought about writing an index.php file inside www/pictures that redirects to the index.php of www. I don't know anything about best practice in term of structure/organization of folder for a website.
Thanks
Sol 1 :
you can put a .htaccess file in that folder that contains just:
deny from all
That way you cannot open any file from that folder, but you can include them in php without any problems.
Sol 2 :
# disable directory browsing
Options All -Indexes
You can force Apache to show a forbidden message when someone tries to browse your indexes by placing a .htaccess file inside all of the directories you wish to prevent browsing.
Inside your .htaccess, add the following:
# disable directory browsing
Options All -Indexes
Similarly, you can create a robots.txt file inside your web root, and add the following:
User-agent: *
Disallow: /pictures/
Disallow: /css/
Disallow: /js/
Disallow: /includes/
You should of course be aware of the SEO implications of prevent robot access to your images.
Add below code to your .htaccess to your main project folder
# disable directory browsing
Options All -Indexes
Put user specific data in a folder outside of your web root.
Related
I have the following folder structure:
+users
-adduser.php
-viewuser.php
When a visitor navigates to example.com/users it's showing the folder structure. I need to restrict visitors ability to see the file listing, either by hiding it or removing it. How can I do that in php?
If you don't want to (or can't) deal with Apache configuration, create an empty file named index.html (or index.php if you prefer) in your users folder.
You can create a .htaccess file on root folder with following;
RewriteEngine on
Redirect 301 /users http://www.example.com/404.html
Then you just need to create 404.html in your website and change example.com with your domain.
Now your /users path will redirect to 404.html.
You can add the following to your Apache virtual host file:
<Directory "path_to_folder">
Options -Indexes
</Directory>
The above rule will disallow directory listing. It was suggested in this post: Using .htaccess, prevent users from accessing resource directories, and yet allow the sourcecode access resources
Please i need your help with my website (testing stage).
I have a file system of this nature...
www (root)
{
school { //main project folder
images //images folder
uploads //user uploads folder
JavaScripts //JS folder
CSS // css folder
includes //includes folder
index.php
contactus.php
aboutus.php
register.php
} //main project folder
} //www folder
how can i prevent users from browsing through my folder system when they do somrthing like these:
http://127.0.0.1/school/css
http://127.0.0.1/school/images
http://127.0.0.1/school/includes
http://127.0.0.1/school/uploads
http://127.0.0.1/school/javascripts
Thnaks for your help....
See the following article on how to disable direct directory browsing
Specifically, search for Options Indexes in your .htaccess file. If one does not exist, add the following line to your .htaccess:
Options -Indexes
Directory browsing should not be available.
More methods are available at the article above.
You could also put an empty php or html file called index.php or index.html in every folder.
The users will be unable to browse those directories.
Create an .htaccess file to the directory you don't want to be navigated via url input..
and inside the file, put this line:
Deny from all
that's all.. enjoy..
and for security purposes use this lines instead:
Options -Indexes
I am using codeigniter and have put the assets folder in the root of the application that contains a .htaccess file having the content
Deny from all
This is causing problems when I want to connect to the assets folder to get the stylesheets etc. So my question here is is there any way that I can allow the access just to that assets folder, that I have?
I have never used .htacces files so have a very basic knowlege of it. I did some research on my own as well but I wasn't able to find the solution.
In your assets directory add another .htaccess file with the following:
# /assets/.htaccess
Allow from all
And I am assuming in your root directory you have the following (which you will leave):
# /.htaccess
Deny from all
Update: Based on your comment, what you are looking to do is not really possible. The browser needs to have access to your CSS file in order to use it on your page.
Please i need your help with my website (testing stage).
I have a file system of this nature...
www (root)
{
school { //main project folder
images //images folder
uploads //user uploads folder
JavaScripts //JS folder
CSS // css folder
includes //includes folder
index.php
contactus.php
aboutus.php
register.php
} //main project folder
} //www folder
how can i prevent users from browsing through my folder system when they do somrthing like these:
http://127.0.0.1/school/css
http://127.0.0.1/school/images
http://127.0.0.1/school/includes
http://127.0.0.1/school/uploads
http://127.0.0.1/school/javascripts
Thnaks for your help....
See the following article on how to disable direct directory browsing
Specifically, search for Options Indexes in your .htaccess file. If one does not exist, add the following line to your .htaccess:
Options -Indexes
Directory browsing should not be available.
More methods are available at the article above.
You could also put an empty php or html file called index.php or index.html in every folder.
The users will be unable to browse those directories.
Create an .htaccess file to the directory you don't want to be navigated via url input..
and inside the file, put this line:
Deny from all
that's all.. enjoy..
and for security purposes use this lines instead:
Options -Indexes
I can't figure out how to use .htaccess to redirect when any file is accessed within a directory, or, how to redirect when a specific file type (eg. .txt or .php) is accessed.
I've got a directory called "contents" where I'm storing .txt files, these are pulled into the main page using php. However, I don't want users to be able to access the specific text files where the contents are, eg. going directly to .../contents/textfile.txt. I'd like if a user happened on a .txt file, or any file within the contents directory, to be redirected to the root site.
If this isn't the right approach, please let me know what would be so I can search to attack it from another way.
Thanks in advance!
I would prefer to lock the directory down, so that users are informed that it's an invalid directory. Create a .htaccess file in the contents-directory with the following text:
deny from all
If you want a redirect, you should investigate "mod_rewrite" - a module that is installed on many webhosts. It will probably be something similar to
RewriteEngine on
RewriteRule ^.+ http://www.example.com/ [R,L]
use the Deny Directive
add,
Order Deny,Allow
deny from all
allow from 127.0.0.1
into a .htaccess and place it in contents directory.