Question regarding setting up a new website in htdocs folder - linux

Today I moved my website to a new hosting company (Verio). I've done this lots of times before, and I know that your website should go inside the "htdocs" folder.
Now usually when I use FileZilla, I can do a "Right Click" on a filename to get the URL of that file. This is the result of my root default file: ftp://test#test.com/www/htdocs/Research/index.php
However, on the web, the true URL of my default file is: www.test.com/Research/index.php
My index.php file is in the website root folder. Does anyone know why FileZilla would include the server folders "www/htdocs" as part of the URL? These folders should not normally be visible to the user.
OR, is this look correct?

That ftp url is correct. Your FTP account has access to the two folders (www/htdocs/) before the document root, as most hosting providers provide.
You are also correct to assume that http access is limited to the document root. (Meaning they cannot see www/htdocs/)

Related

Find files in website directory

Let's say there's a website www.example.com/user/john. Accessing that link takes you to www.example.com/user/john/index.html.
There are files like www.example.com/user/john/picture.png and www.example.com/user/john/document.html. These are also accessible to the public, but there's no link to these from index.html.
Is there a systematic way to find out these files? I'm asking because I'm going to set up my website, and I also want to put up a few files that I don't necessarily want every one to see, only people who I give the link to. So I'm wondering how easy/hard it is to find out that those files exist in my directory.
Most importantly you have to switch off the possibility to just browse the directory with the browser. Every server has its own way to switch this off. Then you can use the proposed way of "security through obscurity".
Another way can be, to have a specific folder whos access is restricted by a http basic authentication. This can be configured in the .htaccess file which you put in the root folder of your directory you want to share only with specific people.
Just google ".htacces" and "basic authentication".
HTTP does not provide a directory listing method as such. Most web servers can be set up to provide a HTML-formatted directory listing if an index file such as index.html does not exist. If you provide an index file so that autoindexing does not happen (or if you disable autoindex by web server configuration), and if your "hidden" file names are hard to guess, they should be pretty hard to find. I sometimes publish such files in a directory with a random gibberish name.
"Share links" used by Dropbox, Picasa and other services do the same, they just use longer random file/directory names or random parameters in the URL.
To provide real security you'll want to set up https (SSL/TLS) so that any eavesdroppers on the network cannot easily look at the requested URLs, and authentication such as HTTP Basic Authentication with username/password. For less sensitive stuff, http to a random hidden directory will often do fine.

.htaccess for CodeIgniter

My CodeIgniter structure :
public/
application/
system/
I don't want anyone to access http://exampble.com/public, allow only the application to access the resource. I tries to create the file .htaccess in directory with the content 'Deny from all', so the user can't access this directory. But my application can't access as well.
How can I solve this problem?
Please give me any idea. Thanks.
From its name, it appears that you're using the 'public' directory to store relevant images and css for your site.
If that is the case, then there's no way you can prevent users from accessing it, unless you don't want to serve images or display styling for your website.
You may however enable what's called hot-link protection which will check for the referrer for each request (not very secure, but thought it might help you out).

Redirection from index to front page (.htaccess)

I installed Drupal on my website. It works perfectly but to reach the front page I'm systematically redirected to a page called "Index of" and I have to click on the subfolder drupal-7.12/ to reach the front page. So, the real url for my website i guess is
http://www.mysite.com/drupal-7.12
On my ftp server is organized like this:
Folder public_html
-> Folder drupal-7.12 + a file .htaccess
There is another .htaccess file inside the folder drupal-7.12
I know that I have to modify one of them but i don't know which one and what i have to modify ?
I hope that someone will understand my problem and could help me
Thanks
ML
I would suggest that you remove the folder in drupa.7.12 and move everything up one directory. Basically you are set up as:
Mysite/drupal7.12
move all the contents of drupal 7.12 up one directory to your public_html folder
Or you need to edit the htaccess in the public_html folder to redirect you to that folder. But that is going to cause some issues in the long run.

How to protect my site user file from a website downloader

Hi suppose my site as www.xyz.com and i have a folder as _Userfile which have file uploaded by my users and if they download there file the link is www.xyz/_Userfile/userfile.doc now i want to learn this:
if some one has the link to other user file he can download it i want to solve this(privacy)
2: protect my site file from website downloader.
ASAP plz
Also i am using virtual directory to save my user files so i need a way to protect any type of file to be downloaded by any kind of software
You'll have to implement an authentication mechanism, and to serve those files through a server-side application (in PHP, Java or whatever), that checks if the authenticated user has the right to access a resource, then reads the resource from the disk and writes it to the HTTP response. The documents should be placed in a location that is not directly accessible through HTTP.
Just add index.html file in the folder _Userfile... This will prevent others accessing the whole directory listing in _UserFile folder! Simple isn't it?

Problems with .pdf-files in Joomla 1.6

I've installed a Joomla 1.6 template, and everything is working fine except 1 thing.
I have uploaded some .pdf-files somewhere in the file system and people who visit the site can view or download these pdf-files, but when I click on the link or trying to right-click and "Save as target" I get an error message like this:
Forbidden
You don't have permission to access
/path/filename.pdf on this server.
Additionally, a 404 Not Found error was encountered while trying to
use an ErrorDocument to handle the request. Apache mod_fcgid/2.3.6
mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server
at website Port 80
I've logged in as administrator and checked if I found anything that denies access to files with .pdf extension, but all I found was that it seems like a .htaccess-file is being created in the same folder as the .pdf-files just after I'm trying to open them in my browser.
The content of the .htaccess file that is being created is this:
deny from all
I have also tried to edit this files content to "allow from all", and tried to delete it too, but Joomla is just changing it back.
Anyone know why or what that prevents me from viewing or downloading the pdf-files?
If it's a UNIX/Linux server you can FTP in with a client that shows permissions like FileZilla. It's probably the permissions associated with the parent folder cascading down to these files. Try to see if you can upload an image to the images folder and if you can save it the same way you're trying to save the PDFs. If downloading the image to your machine works, I would then look at the permissions settings. If you're not sure which permissions to look for, check out this: http://www.tuxfiles.org/linuxhelp/filepermissions.html
Usually a client can download/view files with permissions of 644 or higher.

Resources