Develop Reference

Securing directory on hosting server

I am writing some php scripts that I am using for personal reasons. One thing I noticed that if I type in the directory on the browser I am able to see all files in the directory.
How can I prevent the browser from viewing any of the files in a directory? I want to be able to send requests to the server and let the server run the script. Can someone point me in the right direction? Should I configure the .htaccess file? If so, what should I be looking for?
FYI: I am on a shared hosted server.

the fast way to do that creat .htaccess ex: under /public_html/
and put this code inside it
Options -Indexes
all about .htaccess to more information

Redirect issue with cake php and html folder

I have a website in cake php host on a domain root(www.example.com/) directory it work fine. Now the issue is i placed a html template on www.exapmle.com/html but when i open this in browser it rdirect to website means www.example.com and seen cake php website.

One thing that is asked quite a lot on #cakephp is how to use other apps alongside CakePHP, and the answer giving is normally pretty ugly. Stick the files/folders in side webroot/. Although that does work, its not very nice. So ill show you a little trick with .htaccess files.
The first (really simple way) is to use a .htaccess inside the sub folder. For example you can have a copy of Joomla! running alongside cake with no issues when you have the .htaccess for Joomla! enabled. If the app does not have one and/or you would not know what to put in the .htaccess file you have another option
Make Apache stop processing rewrites if it finds a request for your sub directory. This is done by adding a rule for the sub directory and then telling Apache it is the last rule to process. The .htaccess file you want to edit is the one found inside your APP directory. All you want to add is the following line:
You can do this for as many sub folders as you wish, by changing the regex accordingly. Its pretty simple to do and a much cleaner way than having all your stuff inside the webroot/ folder of your APP.
Source : http://goo.gl/kOEZ9Y

.htaccess file not getting loaded

I am using Netbeans in Linux environment to develop my project. I have put my .htaccess in Web pages folder in Netbeans. But my .htaccess file is not getting loaded.
Now as suggested in many forums I wanted to change <Directory/> tag in /etc/httpd/conf/httpd.conf file. But There are many such tags. My question is which one I have to edit?
I want this file to affect whole directory. So putting it in web pages folder is ok or not?
It might be a repeat question but I could not find a solution in any forum.
Note: I have tried putting garbage or deny from all in .htacces file it is not getting loaded for sure.

Protecting folder and its files

I wish to protect folder with core files of CMS and its sub folders and files from accessing via web, and I tried with .htaccess file with this:
order deny,allow
deny from all
Problem I have is that I can protect that folder but some script from that folder or its sub folder then do not work good.
I also tried with this:
order deny,allow
deny from all
allow from 127.0.0.1
allow from 76.xx.xx.xx
In this case 76.xx.xx.xx is static IP of site.
Is there any way to prevent accessing files in that folder but still to make all work ok?
Another question.
I wish to secure more my site from hackers. So, is there any way to prevent injecting malicious files and code in my scripts/files and/or to block my site of executing files from other sites, hosts, to allow just working with local files.
I prefer .htaccess file, but if it is needed I have access to WHM if there is need for editing other files (but in that case I will need step by step guide). I am running site on Linux VPS with Cent-OS 5 system.

The usual way to do this is to put the accessible files in an apache-accessible directory, but all the rest into a directory out of the way from Apache. For example:
/usr/
local/
mycms/
public/
lib/
/var/
www/
mycms -> softlink to /usr/local/mycms/public
Or better yet, make mycms an alias in Apache config, pointing at the public directory. This way, the files that should be accessible are, those that shouldn't be aren't, and you can still reference all your other files simply by ../lib/ etc.
I know this does not really answer your question literally, and if the CMS directory structure is not under your control, this may not be the best way to do it.
Another way is through rewrites - simply rewrite all requests to your CMS directory except for your CMS's entry script into requests for the entry script.

question about htaccess file

what is htaccess file? how to create and write that? what is the advantage of using htaccess file?

.htaccess files provide a way to make configuration changes on a per-directory basis. See the official Apache documentation for .htaccess files.

.htaccess allows you to override Apache's (and other servers') main configuration file for a particular directory (and all its subdirectories). To use .htaccess you simply create a new file and name it ".htaccess" (yes, the name is very unusual because it actually consist of only a very long file extension), upload it to you server (if you want to affect your entire site than put is in your root folder), and finally add some directives.
If you wand to see what sort of things you can configure with .htaccess check out this very accessible tutorial: 5 most useful applications of the .htaccess file.
For something more comprehensive visit guide .htaccess.
Hope this helps

This is majorly used for configuration on server the generally things involve in usage are following.
-(redirecting server to specific file)
Redirect permanent /index.html (new path)
For more you can refer to http://httpd.apache.org/docs/2.0/howto/htaccess.html#related