Please i need your help with my website (testing stage).
I have a file system of this nature...
www (root)
{
school { //main project folder
images //images folder
uploads //user uploads folder
JavaScripts //JS folder
CSS // css folder
includes //includes folder
index.php
contactus.php
aboutus.php
register.php
} //main project folder
} //www folder
how can i prevent users from browsing through my folder system when they do somrthing like these:
http://127.0.0.1/school/css
http://127.0.0.1/school/images
http://127.0.0.1/school/includes
http://127.0.0.1/school/uploads
http://127.0.0.1/school/javascripts
Thnaks for your help....
See the following article on how to disable direct directory browsing
Specifically, search for Options Indexes in your .htaccess file. If one does not exist, add the following line to your .htaccess:
Options -Indexes
Directory browsing should not be available.
More methods are available at the article above.
You could also put an empty php or html file called index.php or index.html in every folder.
The users will be unable to browse those directories.
Create an .htaccess file to the directory you don't want to be navigated via url input..
and inside the file, put this line:
Deny from all
that's all.. enjoy..
and for security purposes use this lines instead:
Options -Indexes
Related
I'm trying to prevent access images folder on my the website with .htaccess
here is my folder
http://192.168.1.55/onlineshop/images/
if .htaccess file is not working than you can add index.html file in your folder with content of forbidden access, while anyone open's that url than index.html file will run. So your folder is prevent from direct use.
Hope this will helps you.
create .htaccess file in images folder
i.e
http://192.168.1.55/onlineshop/images/.htaccess
and add below code in .htaccess file
Deny from all
Create .htaccess in that folder with the following content.
Deny from all
Please i need your help with my website (testing stage).
I have a file system of this nature...
www (root)
{
school { //main project folder
images //images folder
uploads //user uploads folder
JavaScripts //JS folder
CSS // css folder
includes //includes folder
index.php
contactus.php
aboutus.php
register.php
} //main project folder
} //www folder
how can i prevent users from browsing through my folder system when they do somrthing like these:
http://127.0.0.1/school/css
http://127.0.0.1/school/images
http://127.0.0.1/school/includes
http://127.0.0.1/school/uploads
http://127.0.0.1/school/javascripts
Thnaks for your help....
See the following article on how to disable direct directory browsing
Specifically, search for Options Indexes in your .htaccess file. If one does not exist, add the following line to your .htaccess:
Options -Indexes
Directory browsing should not be available.
More methods are available at the article above.
You could also put an empty php or html file called index.php or index.html in every folder.
The users will be unable to browse those directories.
Create an .htaccess file to the directory you don't want to be navigated via url input..
and inside the file, put this line:
Deny from all
that's all.. enjoy..
and for security purposes use this lines instead:
Options -Indexes
This is my problem, I have a index.php which is my login form. I will explain my problem so it should not be complicated to understand.
I have a main folder inside it is I have a folder named templates and index.php so this is what it would look like
Main Folder
class(folder)
templates(folder)
home.php
index.php
How can I make the templates folder unreachable so when any user types www.anysite.com/mainfolder/templates, the user can't see my templates folder or user cannot see my directory, or the user will be redirected to my Error Site.
Create a file named .htaccess in the folder with this content:
deny from all
try this in htaccess
<Files *>
Deny from all
</Files>
Create a .htaccess file and paste Redirect /mainfolder/ error-folder/403.php
I am building a website on localhost for now. My files are in the www folder.
Directly inside www, I have the index.php and more php pages.
I have also some folder like pictures/ which contains pictures submitted by users; css/ with all the css files; js/ width all the js files and includes/ with some PHP files
My problem is that when I input in the browser localhost/pictures, I see the list of all my pictures. Same thing for localhost/css , localhsot/js or localhost/includes. You have the list of all my file. and it means it could be easy for a robot to download all my files , except the PHP files (which, for some reason, are not downloaded properly : PHP code is not accessible).
Is there a way to prevent access to the main directory for the users ? I thought about writing an index.php file inside www/pictures that redirects to the index.php of www. I don't know anything about best practice in term of structure/organization of folder for a website.
Thanks
Sol 1 :
you can put a .htaccess file in that folder that contains just:
deny from all
That way you cannot open any file from that folder, but you can include them in php without any problems.
Sol 2 :
# disable directory browsing
Options All -Indexes
You can force Apache to show a forbidden message when someone tries to browse your indexes by placing a .htaccess file inside all of the directories you wish to prevent browsing.
Inside your .htaccess, add the following:
# disable directory browsing
Options All -Indexes
Similarly, you can create a robots.txt file inside your web root, and add the following:
User-agent: *
Disallow: /pictures/
Disallow: /css/
Disallow: /js/
Disallow: /includes/
You should of course be aware of the SEO implications of prevent robot access to your images.
Add below code to your .htaccess to your main project folder
# disable directory browsing
Options All -Indexes
Put user specific data in a folder outside of your web root.
I have a folder named import at my root directory where the public folder resides. In the import folder i have lots of sub folders and each sub folder contain images and pdf files. when a user directly access the import folder through url like
www.mysite.com/import/subfolder/image.jpg
The image opens in the browser but when he trys to open any pdf file he is not allowed to open the pdf.
Now when he access the following in url he can see the whole directory structure
www.mysite.com/import/subfolder
Now he can only see all the images in the subfolder with above url
www.mysite.com/import/
with this one he can see all the folders in import The good thing is he can only see images in the folders not the pdfs.
Is it possible that I somehow disable this listing of directory as well?
Thanks in advance
You can add this line to .htaccess:
Options -Indexes
That will disable indexes.
To prevent directory listings, create a .htaccess file which includes the following text:
IndexIgnore *
You can disable the directory listing on a per-directory level in .htaccess using Options -Indexes in the Directory, for example:
<Directory /absolute/path/to/www.mysite.com/import/>
...
Options -Indexes
...
</Directory>
This way you can disable directory listing for one directory, but still allow it for another.