|
sponsored links |
|
|
sponsored links
|
|
1
17th April 21:56
External User
Posts: 1
|
restricting access to folders on server
i am using apache server and presently when i try accessing any folders of
my website i am able to browse the files ex = http://www.website.com/images which is a serious security risk as i am building a forum website using php and mysql. in the root directory i have created a .htaccess file and whenever someone access a file which is not on the server i have created a user friendly message that the file does not exist instead of a 404 error message displayed by the browser. similar to this how can i go about restricting users to browse all my folders in the toot directory. if anyone accesses for ex = http://www.website.com/phpscripts an alert should appear asking them to enter a username and password. 1. how can i do this using apache. 2. where do i write the username and password information and will this apply to all the folders in the root directory or specific directories. please advice. thanks. |
|
|
|
2
17th April 21:56
External User
Posts: 1
|
restricting access to folders on server
Sudhakar schrieb:
Hey, I think that should be the right Thing for you: http://httpd.apache.org/docs/2.0/howto/auth.html Have a nice Day n3or |
|
|
|
3
17th April 21:56
External User
Posts: 1
|
restricting access to folders on server
Assuming your images are for public consumption and that that dir only
contains those images, then it's not a security risk. You could put this in a .htaccess file: AuthType Basic AuthName "Administration Area" AuthUserFile "acl/admin.acl" Require valid-user acl/admin.acl is relative to the server root. You can create it using the htpasswd command. If you put that in .htaccess file, it will apply to that directory and any subdirectories. -- Richard Heyes Employ me: http://www.phpguru.org/cv |
|
|
|
4
18th April 00:22
External User
Posts: 1
|
restricting access to folders on server
In addition to Richard's suggestion, you can also place a
..htaccess file in each directory for which you don't want listing with this: Redirect Permanent index.php http://www.yourdomain.com/index.php That will automatically forward them to your homepage. Otherwise, you can turn off directory listing completely by ********ly stating it in your .htaccess file in your web root. It will work recursively for all directories in the web root. <Limit GET POST PUT DELETE> Order Deny,Allow Deny From All Options -Indexes </Limit> In the future, though, please only post PHP-related questions to this list. Apache has its own user lists where you can ask these questions. -- </Daniel P. Brown> Forensic Services, Senior Unix Engineer 1+ (570-) 362-0283 |
|
|
Linear Mode
