• Welcome to Web Hosting Community Forum for Webmasters - Web hosting Forum.

Preventing Directory Browsing

Started by Tech, September 09, 2007, 10:49:53 AM

WordPress Premium Themes


Take a run out to your site and enter yoursite.com/images/ - just the name of your images folder, nothing else afterwards except for the trailing /.

If you see a "forbidden" or 403 error message, that's normal, but if you see a list of files, it means that your server is configured to allow for directory browsing. You'll notice that any folder that doesn't have a default document in place will also behave in the same way.

It's easy to fix; here's two methods:

1) Find out what the default document name is on your server - most likely it's index.htm or default.htm (or .html). Open up your html editor or even notepad and just save the file as the default document name. Don't add any text to the file, just leave it blank; then upload it to any folder that you're able to browse the directory of. This can be a little time consuming if you have many folders.

2) If your site is hosted on an Apache server, you can add *one* of the following lines to the .htaccess file in the root directory of your site:

IndexIgnore */*

or this option:

Options -Indexes

Be careful not to alter any other contents that might be in your .htaccess file

The first option will bring up a directory listing with nothing in it, the second will return a "forbidden" 403 error

If you don't have a .htaccess file, you can create one in notepad - just be sure to save it as .htaccess (note the "." preceding the file name). If you're not sure if your server supports .htacess, check with your web host.

What's a .htaccess file?

For sites hosted on Apache servers, the .htaccess file contains instructions for handling requests; including security, redirection issues, page rewriting and how to handle certain errors.

Why would you want to prevent directory browsing?

We all tend to leave files lying around in folders which may not be linked to or publicly displayed on our sites - items might be half finished pages, zip files not for general distribution etc. By preventing directory browsing, it lessens the chances of Joe Public stumbling on and viewing or downloading a file you don't particularly want them to see.

Michael Bloch has been working the web as a successful marketing and development consultant since the late 90's. Michael owns and operates TamingTheBeast.net; a popular Internet marketing and ecommerce resources site providing online business owners and affiliate marketers with valuable free advice, articles, tutorials and tools.

Article Source: http://EzineArticles.com/?expert=Michael_Bloch


you can prevent it via httpd.conf file as well as in .htaccesss file by deny the "Options -Indexes {require indexes}"

WordPress Premium Themes