Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: What Is The Best Way To Deny Access To Directories? |
|
| Author |
|
DeveloperDan
Joined: 22 Jan 2018
Posts: 1
Location: san francisco
|
 Posted: Tue 23 Jan '18 1:19 Post subject: What Is The Best Way To Deny Access To Directories? |
 |
|
Hello everyone! I am new to the forums and looking to solve a problem. My apologies in advance if I am not asking my question in the proper location. I will do my best to explain my problem in such a way that supplying an answer should be simple. At least I hope. 
____________________________
Example Directory Structure:
____________________________
root/
/js/
/css/
/images/new_images/
/misc/misc_one/
index.php
about.php
contact.php
.htaccess
robots.txt
____________________________
The above is my example of a simple file structure 3 levels deep. (E.g: root/images/new_images). My actual website is a WordPress website and file structure.
What do I want to achieve or prevent? I want to stop anyone from being able to directly access a directory and view its contents by simply visiting the directory path. I know I could drop an index.php/HTML file in each directory but there are just too many, some directories are created dynamically and it's just not practical. When I visit mywebsite.com/images/ or www.mywebsite.com/misc/misc_two or any other directory with no index file in it I want to either redirect the user to a specific page or show them nothing. So long as I have control of what they see or don't see.
The Short Version Of My Question:
---------------------------------
How do I keep people from viewing the contents of any and all the directories on my website using the .htaccess file? Is there a directive to redirect visitors to another page once they've manually entered into a directory with no index file? I do not want anyone to be able to look into a directory. Keep ni mind I am using this on a wordpress website.
As always, thank you all for reading and I hope to hear from you soon! |
|
| Back to top |
|
mraddi
Joined: 27 Jun 2016
Posts: 152
Location: Schömberg, Baden-Württemberg, Germany
|
| Posted: Thu 25 Jan '18 11:20 Post subject: |
|
|
Hello,
many roads lead to Rome
You can either remove the "Indexes" from your apache's config-file where it reads somethin similar to
| Code: | | Options Indexes FollowSymLinks |
Or you can add the following line to your .htaccess (which will only work if you have allowed to override this setting with "AllowOverride All" or something like this in apache's main config):
These both options prevent directory indexes and result in a "403 forbidden". I would prefer (if possible) the first version.
To display a custom error-page you might have a look at http://httpd.apache.org/docs/2.4/mod/mod_dir.html#fallbackresource or configure a custom error-page either within the .htaccess or within apache's config:
| Code: | | ErrorDocument 403 /errors/notallowed.html |
Or (instead of the ErrorDocument) you can use mod_rewrite to redirect (in this case it redirects to /) all requests to directory-indexes and for non-existing files/directories/ and if no index.php is available:
| Code: | RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ / [R=302,L]
RewriteCond %{REQUEST_FILENAME} /$
RewriteCond %{REQUEST_FILENAME}index.php !-f
RewriteRule ^.*$ / [R=302,L] |
|
|
| Back to top |
|
|
|
|
|
|
