Web Hosting Forum - A Web Hosting community for Webmasters


Divi WordPress Theme

Author Topic: Preventing Directory Browsing  (Read 2740 times)

0 Members and 1 Guest are viewing this topic.

Offline Tech

  • Junior Guru
  • **
  • Posts: 183
  • iTrader: +2/-0
    • View Profile
Preventing Directory Browsing
« on: September 09, 2007, 10:49:53 AM »
Take a run out to your site and enter yoursite.com/images/ - just the name of your images folder, nothing else afterwards except for the trailing /.

If you see a “forbidden” or 403 error message, that’s normal, but if you see a list of files, it means that your server is configured to allow for directory browsing. You’ll notice that any folder that doesn’t have a default document in place will also behave in the same way.

It’s easy to fix; here’s two methods:

1) Find out what the default document name is on your server - most likely it’s index.htm or default.htm (or .html). Open up your html editor or even notepad and just save the file as the default document name. Don’t add any text to the file, just leave it blank; then upload it to any folder that you’re able to browse the directory of. This can be a little time consuming if you have many folders.

2) If your site is hosted on an Apache server, you can add *one* of the following lines to the .htaccess file in the root directory of your site:

IndexIgnore */*

or this option:

Options -Indexes

Be careful not to alter any other contents that might be in your .htaccess file

The first option will bring up a directory listing with nothing in it, the second will return a “forbidden” 403 error

If you don’t have a .htaccess file, you can create one in notepad - just be sure to save it as .htaccess (note the “.” preceding the file name). If you’re not sure if your server supports .htacess, check with your web host.

What’s a .htaccess file?

For sites hosted on Apache servers, the .htaccess file contains instructions for handling requests; including security, redirection issues, page rewriting and how to handle certain errors.

Why would you want to prevent directory browsing?

We all tend to leave files lying around in folders which may not be linked to or publicly displayed on our sites - items might be half finished pages, zip files not for general distribution etc. By preventing directory browsing, it lessens the chances of Joe Public stumbling on and viewing or downloading a file you don’t particularly want them to see.

Michael Bloch has been working the web as a successful marketing and development consultant since the late 90's. Michael owns and operates TamingTheBeast.net; a popular Internet marketing and ecommerce resources site providing online business owners and affiliate marketers with valuable free advice, articles, tutorials and tools.

Article Source: http://EzineArticles.com/?expert=Michael_Bloch
« Last Edit: January 01, 1970, 05:30:00 AM by Tech »

Divi WordPress Theme
Tags:
 

Related Topics

  Subject / Started by Replies Last post
1 Replies
2848 Views
Last post February 13, 2009, 12:31:05 AM
by Kailash
1 Replies
2820 Views
Last post June 25, 2009, 10:47:45 AM
by Kailash
6 Replies
2199 Views
Last post April 03, 2013, 11:53:55 AM
by Steve Smith
4 Replies
2104 Views
Last post August 22, 2015, 09:39:43 AM
by Thechipper
0 Replies
572 Views
Last post July 16, 2015, 03:59:19 PM
by vetalbon