Sunday, June 26, 2011

Preventing Directory Browsing

Take a run out to your site and enter yoursite.com/images/ - just the name of your images folder, nothing else afterwards except for the trailing /.

If you see a "forbidden" or 403 error message, that's normal, but if you see a list of files, it means that your server is configured to allow directory browsing. You'll find that any folder that doesn't have a default document in place will also behave in the same way.

Apache

It's easy to fix; here's two methods:

1) Find out what the default document name is on your server - most likely it's index.htm or default.htm (or .html). Open up your html editor or even notepad and just save the file as the default document name. Don't add any text to the file, just leave it blank; then upload it to any folder that you're able to browse the directory of. This can be a little time consuming if you have many folders.

2) If your site is hosted on an Apache server, you can add *one* of the following lines to the .htaccess file in the root directory of your site:

IndexIgnore */*

or this option:

Options -Indexes

Be careful not to alter any other contents that might be in your .htaccess file.

The first option will bring up a directory listing with nothing in it; the second will return a "forbidden" 403 error.

If you don't have a .htaccess file, you can create one in notepad - just be sure to save it as .htaccess (note the "." preceding the file name). If you're not sure if your server supports .htaccess, check with your web host.
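An added example (not from the original post): a small Python audit to run against a local copy of your site, showing which folders would still list their contents after applying either method. It assumes the default document names mentioned above, assumes the server allows listings unless told otherwise, and reads only `Options` lines in .htaccess files (it does not evaluate IndexIgnore or the main server config); the function names and the sample tree are constructed for the illustration.

```python
import os, re, tempfile

DEFAULT_DOCS = {"index.htm", "index.html", "default.htm", "default.html"}  # assumed names
OPTIONS_RE = re.compile(r"^[ \t]*Options[ \t]+(.+)$", re.IGNORECASE | re.MULTILINE)

def indexes_setting(htaccess_path):
    """True/False if this .htaccess turns Indexes on/off, None if it is silent."""
    if not os.path.isfile(htaccess_path):
        return None
    setting = None
    with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
        for args in OPTIONS_RE.findall(fh.read()):
            tokens = args.lower().split()
            if "-indexes" in tokens:
                setting = False
            elif "+indexes" in tokens:
                setting = True
            elif not any(t[0] in "+-" for t in tokens):  # unprefixed form replaces the set
                setting = "indexes" in tokens or "all" in tokens
    return setting

def audit(docroot, server_default=True):
    """Map each directory under docroot to default-doc, forbidden or LISTABLE."""
    docroot = os.path.abspath(docroot)
    effective, results = {}, {}
    for dirpath, _dirs, files in os.walk(docroot):  # top-down: parents come first
        own = indexes_setting(os.path.join(dirpath, ".htaccess"))
        inherited = effective.get(os.path.dirname(dirpath), server_default)
        effective[dirpath] = inherited if own is None else own  # nearest .htaccess wins
        rel = os.path.relpath(dirpath, docroot)
        listing = "LISTABLE" if effective[dirpath] else "forbidden"
        results[rel] = "default-doc" if DEFAULT_DOCS & set(files) else listing
    return results

def build_sample_tree(root):
    """Constructed sample site: one folder per case described in the post."""
    for d in ("images", "downloads", "drafts", os.path.join("drafts", "old")):
        os.makedirs(os.path.join(root, d))
    open(os.path.join(root, "index.html"), "w").close()
    open(os.path.join(root, "downloads", "index.htm"), "w").close()  # method 1: blank file
    with open(os.path.join(root, "drafts", ".htaccess"), "w") as fh:
        fh.write("Options -Indexes\n")                                # method 2

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, status in sorted(audit(tmp).items()):
            print(f"{status:12} {rel}")
```

Point `audit()` at the folder you upload from; anything reported as LISTABLE needs a blank default document or an `Options -Indexes` line above it.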

What's a .htaccess file?

For sites hosted on Apache servers, the .htaccess file contains instructions for handling requests, including security, redirection issues, page rewriting and how to handle certain errors.

Why would you want to prevent directory browsing?

We all tend to leave files lying around in folders which may not be linked to or publicly displayed on our sites - items might be half-finished pages, zip files not for general distribution etc. Preventing directory browsing lessens the chances of Joe Public stumbling on and viewing or downloading a file you don't particularly want them to see.
