I want to block the direct access to directories in the www folder of my wamp server so that no one can directly access the files which are residing there.
Example:
There is a folder in www named "folder". This folder contains a file "page.php" and several images and css files. There is no index file in this folder. Now when the user enters ..../folder/ whole directory will be accessible to user. But I want to hide the directory list from user. But page.php should be accessible when opened through the any other page (via hyperlink)
Please help!
The way you describe it, you probably still want those items to be accessible so that pages referencing those files will still load. You just don't want Apache to list out the files when navigating to that folder.
Apache calls these pages "directory indexes". You can turn it off for a specific folder (and sub folders) by adding to the .htaccess file for that folder an entry:
Options -indexes
More details on the Options directive and .htaccess files here:
https://httpd.apache.org/docs/current/mod/core.html#options
Related
is there a way to deny outside access to my upload directory ?! I don't want users to access my upload directory : www.example.com/uploads
i used .htaccess in the root of my upload folder however all the links were broken
in my .htaccess :
deny from all
any solution ?
If you wish to disable directory listing, simply place 'Options -Indexes' in your htaccess.
You've applied a 'deny from all', which essentially stops ANYONE from accessing files in the directory to which it applies.
Also make sure that 'AllowOverride All' is specified in the vhost definition, otherwise you are unable to override settings via the htaccess file. That is my understanding anyway.
If you wish to disable access to the upload directory, and control which files in specific users can access, I'd recommend going through a script written in a language such as PHP. A user requests a file from the script, the script looks to see if they're allowed to view the file. IF they are, they file is displayed. IF they aren't then it is not.
References
http://www.thesitewizard.com/apache/prevent-directory-listing-htaccess.shtml
http://mathiasbynens.be/notes/apache-allowoverride-all
I installed Drupal on my website. It works perfectly but to reach the front page I'm systematically redirected to a page called "Index of" and I have to click on the subfolder drupal-7.12/ to reach the front page. So, the real url for my website i guess is
http://www.mysite.com/drupal-7.12
On my ftp server is organized like this:
Folder public_html
-> Folder drupal-7.12 + a file .htaccess
There is another .htaccess file inside the folder drupal-7.12
I know that I have to modify one of them but i don't know which one and what i have to modify ?
I hope that someone will understand my problem and could help me
Thanks
ML
I would suggest that you remove the folder in drupa.7.12 and move everything up one directory. Basically you are set up as:
Mysite/drupal7.12
move all the contents of drupal 7.12 up one directory to your public_html folder
Or you need to edit the htaccess in the public_html folder to redirect you to that folder. But that is going to cause some issues in the long run.
I have a list of documents here: www.example.com/documents
I want to key the documents folder in the public_html / htdocs folder (not above it). However, I don't want people to be able to navigate to www.example.com/documents or for Google to index the content. But I still need to use links to the documents across the site (mainly within a logged in area).
Any suggestions?
There's a chance I misunderstood the question, but I think you'd like to disable directory listing. If so, just put
Options -Indexes
in your .htaccess file. This tells Apache not to create that fancy file list when the URI http://example.com/directory/ is requested, so the user will get a 404 error. Reqests to files within the directory are unaffected.
You can also do various fancy things with the directory listing by using the mod_autoindex directives like IndexIgnore.
I have an xml file on the server containing details to the database server. I don't want anyone to be able to access it via url but PHP should be able to load the file
Two ways:
Simple move all those kinds of files outside the webroot, for example /application instead of /public_html/myapplication. You only need accessible pages (index.php etc.) inside the webroot.
Or if that's not possible/too hard, add this in .htaccess in the folder that contains the XML file (but it cannot contain files that should be accessible)
.
Order Allow,Deny
Deny from All
you could use .htaccess file: http://httpd.apache.org/docs/1.3/howto/htaccess.html
but, why put it in XML? put it in PHP as variables, then even if they visit the page they won't be able to see it.
I don`t know anything about .htaccess files except how to secure a folder or deny access.
I want to deny direct access to .js files (by typing the file name in url) on my server, say the files are stored in a folder named /js/ how can I use the .htaccess to do that?
You cannot do that.
Actually there is no 'direct access' or 'indirect access'. The browser accesses the JS file the same way when you load it from a SCRIPT tag and when you try to load it separately (typing the file name in browser).