How do you hide the folders in your websites public_html folder? - permissions

I don't like how if you go to certain folders on my website that don't contain a .html file that it will list all the files in it. I don't want to give access to that. Such as: http://christianselig.com/css
How do I hide these?

You need to tell your webserver to stop directory listings. For apache, add this to your httpd.conf or any other related config file
<Directory /path/to/directory>
Options -Indexes
</Directory>
If placed in a .htaccess file, AllowOverride Options must be enabled for the desired directory.

If you are using Apache webserver and have access to httpd.conf you can set "Options -Indexes" for directory which content you want to hide.
If you have no access to httpd.conf you can create .htaccess file in directory which content you want to hide with "IndexIgnore *"

Related

How to fix Directory Listing

I am setting the XAMPP on Linux Suse for my web application.
Inside htdocs folder, I created "uploads" folder for keeping Images, video files from user uploaded.
Anyway, when I try with URL http://www.my-domain-name/uploads, It is showing directoty listing
I have tried to put .httaccess file inside "uploads" folder, it is not showing directoty listing BUT I cannot access to files inside that folder.
This is my code in .httaccess file.
<IfModule authz_core_module>
Require all denied
</IfModule>
<IfModule !authz_core_module>
Deny from all
</IfModule>
I would like to hide "directory listing" from outside BUT my app still can access all files from this folder.
I have used this code and it's working:
<IfModule authz_core_module>
Options FollowSymLinks
</IfModule>
<IfModule !authz_core_module>
Options FollowSymLinks
</IfModule>
Result: I cannot access "uploads" folder via URL BUT my app still access with all files in that folder correctly.

Allow listing on all folders matching name (images) using .htaccess

I want to allow listing (Options +Indexes) but only on a specific folder name.
The problem is that I have random folders inside a template folder and I want to allow listing only to folders named images that are under.
Is that possible with .htaccess?
In your root .htaccess place this line to disable directory listing globally:
Options -Indexes
Create images/.htaccess file and place this line:
Options +Indexes
What about using the <DirectoryMatch> directive?
It should allow you to define similar code:
<DirectoryMatch "/images/">
Options +Indexes
</DirectoryMatch>

How to allow files to be accessed by scripts but not the internet - Apache

I wish to set up an apache server running php. I want all the files in a particular folder (say /site/ ) to be accessible from www.example.com/ . However I wish the files in /site/data/ to be not visible through www.example.com/data/ . I want www.example.com/fun.php script to be able to read/write to /site/data/ . What is the best way to do this through premissions and the apache defalt file?
You need to set up your directory structure slightly differently to what you have proposed. Rather run your site under a directory like:
/site/html
and store your data under a directory like:
/site/data
configuring Apache to only serve files from /site/html and not /site/data
or if you are using a more traditional apache directory structure then put the files you want publicly accessible through the web server in:
/var/www/html
and the private data files you only want your application to have access to in something like:
/var/www/data
Your Apache conf file will then contain something like:
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
This way the files in /var/www/data will not be publicly accessible but these files can still be accessed by php scripts in /var/www/html/
Disable Apache directory listings by putting this in your .htaccess file under /site/data
Options -Indexes

if I set `AllowOverride` to allow the use of .htaccess files, then how do I restrict Apache to not look for .htaccess in every directory?

But just look in the specific directory to increase my webserver performance?
Apache always look for .htaccess in every directory if AllowOverride is set to All, so is there any directive to prevent Apache to not look in every directory?
You should set allowoverride none on any directory (this configuration will include subdirectories) which you don't want to allow overriding.

Apache Windows httpd.conf AccessFileName problem

I am using Apache 2.2.17 for Windows. To set up .htaccess file, when I was going through httpd.conf file, I was not able to find the word called “AccessFileName”. I believe there should be a line like this: AccessFileName .htaccess. How can I solve this?
Here is the httpd.conf file.
The AccessFileName .htaccess is default. If it is not present, that is what it's using. If you would to like use a different filename, you can add the line in and replace .htaccess accordingly.
I solved it by changing AllowOverride None to AllowOverride All inside <Directory>
As you can read here
It says:
While processing a request the server
looks for the first existing
configuration file from this list of
names in every directory of the path
to the document, if distributed
configuration files are enabled for
that directory. For example:
AccessFileName .acl
before returning the document
/usr/local/web/index.html, the server
will read /.acl, /usr/.acl,
/usr/local/.acl and
/usr/local/web/.acl for directives,
unless they have been disabled with
<Directory> AllowOverride None
</Directory>