"Disabling" folder with WAMP / Joomla - apache

I'm curious about a WAMP + Joomla feature...
On my project folder and within /www/, I have several Joomla folders that are accessible (features inside are usable) but when directly opened from the Web browser show no contents (but no error message is shown)... This is a behaviour I would like to make other folders have but I don't seem to be able to get it!
Let me explain a but further, folder called "CLI" if opened in web browser as:
.../components
returns a blank screen... But some of my modules are using content within, so folder is not restricted but contents are not visible through Web brower.
Now I have another folder:
.../clients
Which I would need to behave the same way as many modules of my site need this, but I can't afford to leave it "open" for users (if someone enters ".../clients" on their web browser, I need the output to be blank, same as the .../components folder above). Currently, if someone enters .../clients on a web browser, they can see all files within, this is a CRITICAL security bug for me.
I've succeeded to disable them by doing DENY FROM ALL in httpd.conf. However, this is not valid as it absolutely restricts everything within the folder, causing my modules to crash.
Hope you get the point, if not, happy to clarify :)
MANY MANY THANKS for your support!!!
PS - If possible, answer in a dummy way as I'm new to all of this Apache stuff.

The way Joomla returns a blank screen is by adding a blank index.html file in. Browsers prioritise a index.html file to display over the index.php file etc. So literally put in a index.html file in the subfolder containing:
<html>
<body bgcolor="#FFFFFF">
</body>
</html>

Related

Apache server taking me to wrong URL but only for one link

The problem is quite confusing and I haven't been able to find a solution for this, I tried clearing caches, deleting HTACCESS file, still doesn't work.
I am using WAMP, and my project's homepage is in a directory, so the URL structure is:
localhost/project/shop/
There are other pages, contact.html, about.html etc etc.
I wanted to rewrite the URLs to show it without .html so I used the suggestions here:
How to remove .html from URL
Most of those didn't worked well, the problem was that it instead taking me to
localhost/project/shop/about
to me to
localhost/about
So I quit the idea of doing that on the localhost, so I removed the htaccess file and all other links worked fine, except for one contact.html, somehow it is cached and now going to localhost/project/shop/contact.html still takes redirects me to localhost/contact
If I open the localhost in an Incognito tab or if I add ?random=anything... the links works.
Any idea where I went wrong and how do I fix the issue?
Thanks.

media folder suddenly empty

I'm trying to upload some images in my wordpress backend, but it fails every time. It could be permission issues because I have had trouble with that earlier in the project. But the weirdest thing is that I see on my server that the media folder is suddenly empty, while all the media in the wordpress backend is still there and the website is running fine. Anybody got an idea how this could have happened?
Try to edit one of the picture in the media on admin dashboard, there will be a text field titled 'File URL' on the right side.
Paste that into address bar and see if the browser loads it correctly. If yes then the problem is on the folder permission (or you might have opened the wrong directory), if not, you might wanna try to clear the browser cache or use another platform to open it.
Hope it helps!

How to bypass red5 demo page on start up?

At present, I start up red5 in linux command line ./red5.sh and it runs the script. Then I go to http://localhost:5080 demos page to set up my camera and audio input and all works fine in testing the stream both on demo page and in swf of my webpage.
Question is, do I need to include some java and/or action script for the swf player to
bypass the red5 demo page so I can directly connect my input and stream in the code of the page? Also so only logged in webpage viewers can connect?
Overall wondering if there is a way of hiding the server stream from anyone not logged in to view it on my site? I understand in webapps folder somewhere there is the hosts list of IP but it would be impossible to know the IP of the viewers as opposed to unwanted viewers or bandwidth stealers.
I am trying to set up a site for poetry readings and make it so readers can record live to my server and then logged in viewers can view from my website. I am trying to figure out whether I must have that red5 page open and if that doesn't pose some kind of risk.
Found my own way of doing this just by removing and renaming files and folders.
If you go to usr/local/red5/webapps here lies all the directories for viewing when you go to default port 5080 so I simply installed the applications I needed and then took everything out of there except those applications I wanted and needed to run. I took out all and placed it in a folder in /var directory named it red5_movedstuff in case I want access to further applications later on.Then I renamed the applications I am using in webapps folder and kept admin folder to access them but I renamed my applications and had to importantly rename also in WEB-INF for each application name change.
Now if someone goes to myip:5080 they get a blank page and by changing names of applications I've hidden my directories beyond that including list of streams.

Wamp Server Remembers Index Page and Icon

I created an index.html and several other pages. I then put them in my Wamp Server www directory. They worked fine, but now I have deleted them and put only a file called m.php. But, whenever I go to localhost, I still see the index page. Also, ever since I changed the icon of the index page, any html file in localhost still has that icon, even after I deleted it and the index page. What is going on?
Do a hard-refresh in your browser by pressing Ctrl-F5 on your keyboard while your website is in the window/tab. This will cause your browser to skip any caches and ignore existing expires headers on the files it pulled.
If that does not work, make sure you are actually working in the right folder, and also that you are not being redirected.

Preventing direct access to files in IIS 7

I have a PHP application running on a Micrisoft IIS 7 server. The application shows PDF files on an iFrame, which contains user's sensitive data that I wouldn't like to be directly accessed by anyone that knows the file address.
So basically, I'm looking for a way to protect files from direct browser access or download, but still be able to show it on the application's iFrame.
I made some research with Rewrite rules, but since the "HTTP_REFERER" of an iFrame is empty, I couldn't find a good solution
Any suggestions for this?
Thanks in advance
Without seeing any of your code, or how your application works, I can only give suggestions based on how I think your app works.
Rather than showing the files themselves, with links directly to those files, you should consider changing your application so that the PHP reads in the directory, displays the file names (however you want them to appear), with links that go to a download.php page. The download page (after checking whether the user has permission to download the file) then loads the file into memory and serves it out as a response (with appropriate Content-Disposition and Content-Type headers).
Since your PHP application can read files directly within the web directory, you can set up rewrite rules to prevent accessing those files from the web; that way, the files can only be accessed by the PHP application, which doesn't rely on rewrite rules to access the drive.
This is how places like Source Forge can display an advertisement with a countdown that your file download will begin in 5 seconds.