|
How to prevent a file listing?
Hi,
If I have a website with an 'images' folder then someone can navigate to the folder with their browser and automatically a file listing appears, how can I prevent that? Thanks, Paul |
Re: How to prevent a file listing?
Previously in alt.html, paul <P.Fredlein@NOSPAMuq.net.au> said:
> If I have a website with an 'images' folder then someone can navigate to the > folder with their browser and automatically a file listing appears, how can > I prevent that? In the configuration on the server. If it's Apache, and you don't have access to the main configuration file (usually httpd.conf), you may be able to do it in your .htaccess file by adding the following line: Options -Indexes -- Mark Parnell http://www.clarkecomputers.com.au alt.html FAQ :: http://html-faq.com/ |
Re: How to prevent a file listing?
paul wrote:
> automatically a file listing appears, how can > I prevent that? Put a file named index.html in there. -- Gregor's Motorradreisen: http://hothaus.de/greg-tour/ |
Re: How to prevent a file listing?
paul wrote:
> Hi, > > If I have a website with an 'images' folder then someone can navigate to the > folder with their browser and automatically a file listing appears, how can > I prevent that? You can also allow only browsers that identify themselves as being referred by your site. if you run apache, put something like this in the .htaccess file in the images directory. Note that this kind of security is easily circumvented; it will prevent a casual browser from accessing images but the referer is easily forged by anyone who is determined.... This will also break some browsers. I've also found that the -Indexes option breaks IE for some weird reason.... So I had to turn in back on.... Options +FollowSymlinks Options +SymlinksIfOwnerMatch RewriteEngine on RewriteCond %{HTTP_REFERER} !^http://www.xxxxxxx.com/.*$ [NC] RewriteRule .*\.(jpg)$ - [F,L] Options +Indexes |
Re: How to prevent a file listing?
CptDondo wrote:
> I've also found that the -Indexes option breaks IE for some weird > reason.... You must have been mistaken/drunk/stupid that day. Turning off Directory indexes effects all browsers equally. -- Toby A Inkster BSc (Hons) ARCS Contact Me ~ http://tobyinkster.co.uk/contact |
Re: How to prevent a file listing?
Toby Inkster wrote:
> CptDondo wrote: > > >>I've also found that the -Indexes option breaks IE for some weird >>reason.... > > > You must have been mistaken/drunk/stupid that day. Turning off Directory > indexes effects all browsers equally. > That's what I would have thought.... But one person with Japanese WinXP and IE kept getting permission denied errors until I turned it back on.... Worked fine on my Linux/Firefox workstation.... Maybe I'll do a bit of testing once I get back on a WinXP box... |
Re: How to prevent a file listing?
> From: "Greg N." <yodel_dodel@yahoo.com>
> paul wrote: >> automatically a file listing appears, how can >> I prevent that? > > Put a file named index.html in there. What a good idea! |
Re: How to prevent a file listing?
CptDondo wrote:
> Toby Inkster wrote: > >> CptDondo wrote: >> >> >>> I've also found that the -Indexes option breaks IE for some weird >>> reason.... >> >> >> >> You must have been mistaken/drunk/stupid that day. Turning off Directory >> indexes effects all browsers equally. >> > > That's what I would have thought.... But one person with Japanese WinXP > and IE kept getting permission denied errors until I turned it back > on.... Worked fine on my Linux/Firefox workstation.... Maybe I'll do a > bit of testing once I get back on a WinXP box... If indexes are off then they SHOULD get a 403 Forbidden error on any request to a site's sub directory without either a request explicitly for an *existing* document in that directory or a default *index* document. 403 error is generated bay the server, the browser has nothing to do with it! If the OP does not have access to the server configuration to turn off indexes or and .htaccess to do the same then as previously suggested a very simple solution is to put a index.html file in such folders with warning message about improper access and a link back to your html documents.... -- Take care, Jonathan ------------------- LITTLE WORKS STUDIO http://www.LittleWorksStudio.com |
Re: How to prevent a file listing?
Jonathan N. Little wrote:
> If indexes are off then they SHOULD get a 403 Forbidden error on any > request to a site's sub directory without either a request explicitly > for an *existing* document in that directory or a default *index* > document. 403 error is generated bay the server, the browser has nothing > to do with it! > > If the OP does not have access to the server configuration to turn off > indexes or and .htaccess to do the same then as previously suggested a > very simple solution is to put a index.html file in such folders with > warning message about improper access and a link back to your html > documents.... > Maybe my recollection is wrong... But I remember it was a stumper... I am using ModRewrite and there may have been some other things in there that screwed it up... |
Re: How to prevent a file listing?
Captain Dondo wrote:
<snip> > Maybe my recollection is wrong... But I remember it was a stumper... I > am using ModRewrite and there may have been some other things in there > that screwed it up... That may be so, but since the this is done at the server-side all browsers would receive the same error message, unless some conditional base upon the user-agent... Still the simplest is on server end turning off indexes: -Indexes in [directory|virtual host|.htaccess] or adding an index.html doc in folders to prevent listing... -- Take care, Jonathan ------------------- LITTLE WORKS STUDIO http://www.LittleWorksStudio.com |
| All times are GMT. The time now is 02:53 AM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.