prevent directory browsing

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
mcog_esteban
Forum Contributor
Posts: 127
Joined: Tue Dec 30, 2003 3:28 pm

prevent directory browsing

Post by mcog_esteban »

as the title says...how can i prevent directory browsing with php+apache?
i could use a index.html or php on every forbiden directory and redirect to somewhere else, but i'm looking for other solutions.
User avatar
CoderGoblin
DevNet Resident
Posts: 1425
Joined: Tue Mar 16, 2004 10:03 am
Location: Aachen, Germany

Post by CoderGoblin »

This should be set up as part of your Apache configuration...

one link you could use (only a starting point).
http://httpd.apache.org/docs/mod/mod_access.html

The idea is that if access is denied you get a 404 error. Unless someone knows the path they have to guess all the information.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

.htaccess has this supported too..
mcog_esteban
Forum Contributor
Posts: 127
Joined: Tue Dec 30, 2003 3:28 pm

Post by mcog_esteban »

thank you both.
i'll see some examples about it.
majesticreality
Forum Newbie
Posts: 3
Joined: Sat Mar 05, 2005 2:31 pm

Post by majesticreality »

I configured my site so that the nobody can browse directories, but is there anyway to prevent people seeing pages if they do happen to know the full path name to the file?
thegreatone2176
Forum Contributor
Posts: 102
Joined: Sun Jul 11, 2004 1:27 pm

Post by thegreatone2176 »

do what feyd said and use .htaccess for the whole directory
Post Reply