stop accessing folder through url

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

bluestar
Forum Newbie
Posts: 13
Joined: Thu Mar 17, 2011 7:19 am

stop accessing folder through url

Post by bluestar »

Hi all, I'm making a website in PHP-MySQL. My root folder name is newproject1 and it is in the htdoc folder. The folder newproject1 contains files and folders; one of the folders is style and another is image. The URL when I run the website is http://localhost/newproject1/filename.php, but if I change it to http://localhost/newproject1/style or http://localhost/newproject1/image, it shows all files and folders within these two folders and I can access them. So how do I stop this?
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: stop accessing folder through url

Post by flying_circus »

You can put an index.php file in those directories which is either blank, or has a redirect to your homepage. You can also place those files below the document and use a PHP to stream them on demand, but this is not typical for public images and styles.
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: stop accessing folder through url

Post by twinedev »

Another method is to drop an .htaccess file in each directory that just has the following two lines:

[text]Options -Indexes
ErrorDocument 403 http://www.yoursitedomain.com/[/text]

The first line says not to display the directory index (most hosts let you override this value).
The second line says that when someone gets a 403 error (what you get from the above), take them to the specified URL.

Note the following about the URL: If you give the full URL (as I gave above), your browser will actually redirect to that URL. If you give just a relative path like the example below, your browser will still show the URL the person browsed to, but display the page listed below:

[text]Options -Indexes
ErrorDocument 403 /[/text]

The nice part of this method over dropping an index file in each directory is that it takes care of the directory you put it in and any subdirectories in it. And if you don't have a need for directory listing at all on the site, put the .htaccess file in the root of the site and it will take care of it all!

-Greg
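
An added example, not part of any post in this thread: a Python check that walks a document root and reports which directories would still get an automatic listing, covering both the index-file approach and an inherited `Options -Indexes`. It assumes the server default has Indexes on, that AllowOverride permits Options in .htaccess, and that DirectoryIndex is index.php or index.html; the `thumbs` subdirectory and all function names are constructed for illustration.

```python
import os
import re
import tempfile

INDEX_FILES = ("index.php", "index.html")  # assumed DirectoryIndex names

def indexes_after(htaccess_text, state):
    """Indexes on/off after applying one .htaccess to the inherited state."""
    pattern = r"^\s*Options[ \t]+(.+)$"  # commented-out lines do not match
    for m in re.finditer(pattern, htaccess_text, re.I | re.M):
        tokens = m.group(1).split()
        if all(t[0] in "+-" for t in tokens):  # relative: only named options change
            for t in tokens:
                if t[1:].lower() == "indexes":
                    state = t[0] == "+"
        else:  # absolute form replaces the inherited option set
            names = {t.lstrip("+-").lower() for t in tokens}
            state = bool(names & {"indexes", "all"})
    return state

def listable_dirs(docroot, server_default=True):
    """Directories under docroot that would get an automatic listing."""
    docroot = os.path.abspath(docroot)
    exposed, state = [], {}
    for path, dirs, files in os.walk(docroot):  # top-down: parents come first
        dirs.sort()
        on = state.get(os.path.dirname(path), server_default)
        if ".htaccess" in files:
            with open(os.path.join(path, ".htaccess")) as fh:
                on = indexes_after(fh.read(), on)
        state[path] = on  # subdirectories inherit this value
        if on and not any(f in files for f in INDEX_FILES):
            exposed.append(os.path.relpath(path, docroot))
    return exposed

def build_sample(htaccess=None):
    """Constructed tree like the thread's: newproject1/style, image/thumbs."""
    root = os.path.join(tempfile.mkdtemp(), "newproject1")
    for sub in (("style",), ("image", "thumbs")):
        os.makedirs(os.path.join(root, *sub))
    open(os.path.join(root, "index.php"), "w").close()
    if htaccess:
        with open(os.path.join(root, ".htaccess"), "w") as fh:
            fh.write(htaccess)
    return root

if __name__ == "__main__":
    for rules in (None, "Options -Indexes\n"):
        print(repr(rules), listable_dirs(build_sample(rules)))
```

An index file only protects the directory it sits in, so a nested directory without one still shows up in the result, while a single root .htaccess clears the whole list.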
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: stop accessing folder through url

Post by social_experiment »

twinedev wrote: Another method is drop an .htaccess file in each directory
Wouldn't one .htaccess file in the root folder also suffice? I have only 1 .htaccess folder with the following inside it and it also prohibits directory browsing.
[text]
IndexIgnore *
Options -Indexes
[/text]
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: stop accessing folder through url

Post by flying_circus »

Awesome, I'm glad you guys posted! I knew it was possible to accomplish the same goal with .htaccess but I wasn't confident enough to include it as a solution. I got to learn something new too :)
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: stop accessing folder through url

Post by twinedev »

social_experiment wrote: Wouldn't one .htaccess file in the root folder also suffice?
Yes, that was at the end of my post:
twinedev wrote: And if you don't have a need for directory listing at all on the site, put the .htaccess file in the root of the site and it will take care of it all!
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: stop accessing folder through url

Post by social_experiment »

Missed that on the first read through :)