restricting access to folders on server

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
sudhakararaog
Forum Newbie
Posts: 13
Joined: Thu Jan 31, 2008 1:08 am

restricting access to folders on server

Post by sudhakararaog »

i am using apache server and presently when i try accessing any folders of my website i am able to browse the files ex = http://www.website.com/images which is a serious security risk as i am building a

forum website using php and mysql.

in the root directory i have created a .htaccess file and whenever someone access a file which is not

on the server i have created a user friendly message that the file does not exist instead of a 404

error message displayed by the browser.

similar to this how can i go about restricting users to browse all my folders in the toot directory.

if anyone accesses for ex = http://www.website.com/phpscripts an alert should appear asking them to enter a

username and password.

1. how can i do this using apache.
2. where do i write the username and password information and will this apply to all the folders in

the root directory or specific directories.

please advice.

thanks.
User avatar
kaszu
Forum Regular
Posts: 749
Joined: Wed Jul 19, 2006 7:29 am

Re: restricting access to folders on server

Post by kaszu »

Post Reply