How to restrict users from accessing folders outside protected in YII - yii

I have an "uploads" folder outside my protected folder, where I am saving all the users' profile images. The problem is that when someone enters a URL like:
http://localhost/myweb/upload/
they can see all the images inside that folder.
So, I have two questions:
How do I restrict this?
Should I create the uploads folder inside the protected folder?
Thanks in advance.

Create a .htaccess file in the upload folder and put the following line in it:
Options -Indexes

Create a .htaccess file and write "Deny from all" in it, without the quotes.

Related

Directory listing outside index.html

I have a static website on an Apache server. I have a folder (whose name I don't give out to anyone else) that I don't want anyone to randomly stumble upon. Is there any way to have directory listing under a different page?
To clarify, I have directory listing turned off at the root folder of example.com. In the subfolder that corresponds to example.com/folder1/, I have another .htaccess that allows directory listing. However, I don't want someone who types in example.com/folder1/index.html or the equivalent to see the directory listing. I want them to have to go to example.com/folder1/otherindex.html to see the listing.
Is this possible with Apache?
Should be
DirectoryIndex filename
in your .htaccess

display content of the folder as dir but only for specific folders

I have a generic site in /var/www/ and I put my web pages in html, including a subfolder that I am planning to use to store pdf and doc files.
Now, I would like that when a user goes to mysite/files/docs or mysite/files/pdf, they can see the list of files, but even if they click on the parent link on that page, or if they type the URL (like mysite/files), they won't see the list.
Is it possible to enable the file display feature but only for certain folders? I checked the Apache manual and it has options to set in the httpd.conf file, although it did not really show how to turn specific folders on or off, just how to turn it on and off globally.
I have .htaccess files that I use for settings, but even in that case, I can't find a way to display only some folders' content and not others.
Create a .htaccess file in each directory files/docs and files/pdf
Then inside each .htaccess file add
Options +Indexes
That's it. It will display the files of only those 2 directories.

Deny access to member directories

Is there a way to stop people from accessing directories where all my members' files are stored?
For example, I have mysite.com/members/$mem_id and in there that particular member's files are stored, such as images. Is there a way to stop all of these being accessed directly from the URL bar, without placing index.php in every folder, possibly with .htaccess?
Also, once the folders have been blocked, the site itself still needs to access the files in them to display around the site.
To disable directory listing you can use .htaccess and add this line:
Options -Indexes

Hiding files with apache

I've started using SCSS so in my css folder in my project, I have main.css and main.scss.
Is there any way I can hide main.scss when I put this on my ftp? So it's still there, but not available for direct access?
Thanks!
Put this inside a .htaccess in the directory with the file you want to hide. Rename the file appropriately though (instead of yourfile.css).
<files yourfile.css>
deny from all
</files>
Of course you can also do this in your httpd.conf file as well, but the paths will need to be amended.
The problem with #GhostInTheSecureShell's answer is that this also denies access to the files, so the browser cannot download yourfile.css any more, which is probably not what you wanted.
To hide files (or directories) from index listings, but still allow access to them, use
IndexIgnore yourfile.css
in your .htaccess file.
This also works with patterns, so you can hide all css files using
IndexIgnore *.css
Or just name the files that you want to hide with a certain pattern, so, for example
IndexIgnore hide_me_*
will hide all files or directories that start with hide_me_.

How Come Everybody Can See My Private Files?

Sorry for the newbie question...
When I go to http://www.plans4boats.com/scripts/youtubeplayer/ in Google Chrome, I can see a full listing of the files there. What should I do if I don't want any old hacker to just come in and view/copy my source codes? Does it have something to do with htaccess?
I discovered that putting a blank index.html file in the folder helps for THAT folder, but it still leaves all subfolders vulnerable.
What should I google for more information on how to set up my server to prevent this?
Just set Options -Indexes for those particular directories, either in an .htaccess file or a <Directory> or <Location> container.
What you need to do is turn off Directory Listing for your specific server. I don't know what server you're using so I can't walk you through it, but just google your server name and how to disable directory listing.
I created a file called .htaccess and put the following contents:
IndexIgnore /
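
Added example (not from any of the posts above): a Python audit that walks a document root, applies each .htaccess the way the answers on this page use them (Options +/-Indexes, Deny from all or Require all denied, skipping <Files> sections) and reports what a request for each directory URL returns. It assumes AllowOverride permits these directives, that the server-wide default has Indexes on, and that DirectoryIndex is index.html or index.php; the function names and the sample tree are constructed for illustration.

```python
import tempfile
from pathlib import Path
INDEX_NAMES = {"index.html", "index.php"}  # assumed DirectoryIndex setting

def apply_htaccess(directory, indexes, denied):
    """Apply one directory's .htaccess to the state inherited from its parent."""
    ht = directory / ".htaccess"
    depth = 0  # > 0 inside <Files> sections, which do not cover the directory itself
    for ln in ht.read_text().splitlines() if ht.is_file() else []:
        words = ln.lower().split()
        if ln.lstrip().startswith("<"):
            depth += -1 if ln.lstrip().startswith("</") else 1
        elif depth == 0 and words and words[0] == "options":
            if all(w[0] in "+-" for w in words[1:]):  # relative form: merge with parent
                indexes = False if "-indexes" in words else ("+indexes" in words or indexes)
            else:                                     # absolute form: replaces the set
                indexes = "indexes" in words or "all" in words
        elif depth == 0 and words in (["deny", "from", "all"], ["require", "all", "denied"]):
            denied = True
    return indexes, denied

def audit(docroot, default_indexes=True):
    """Map each directory under docroot to what a request for its URL returns."""
    docroot = Path(docroot).resolve()
    state, report = {}, {}
    for d in [docroot] + sorted(p for p in docroot.rglob("*") if p.is_dir()):
        inherited = state.get(d.parent, (default_indexes, False))
        indexes, denied = state[d] = apply_htaccess(d, *inherited)
        if denied:
            verdict = "denied"        # every URL below this directory is refused
        elif INDEX_NAMES & {p.name for p in d.iterdir()}:
            verdict = "index-file"    # hides this directory only, not its subfolders
        else:
            verdict = "listed" if indexes else "no-listing"
        report[d.relative_to(docroot).as_posix()] = verdict
    return report

def build_sample():
    """Constructed docroot mirroring the layouts asked about on this page."""
    root = Path(tempfile.mkdtemp())
    sample = {"uploads/.htaccess": "Options -Indexes\n", "uploads/thumbs/a.jpg": "",
              "scripts/index.html": "", "scripts/youtubeplayer/player.js": "",
              "members/.htaccess": "Deny from all\n", "members/42/photo.jpg": "",
              "css/.htaccess": "<Files main.scss>\ndeny from all\n</Files>\n"}
    for rel, text in sample.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text)
    return root

if __name__ == "__main__":
    print(audit(build_sample()))
```

A "no-listing" verdict only hides the index: files in that directory are still served to anyone who requests them by name, whereas "denied" refuses direct requests entirely, so the application has to read and serve those files itself.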