Deploying a website

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
sh33p1985
Forum Commoner
Posts: 78
Joined: Thu Mar 11, 2004 9:22 am

Deploying a website

Post by sh33p1985 »

ok, this might sound like a ridiculously amateur question, but in reality ive never actually done this for an actual business website, only personal projects where my deployment requirements werent so important.

ive finished developing a website for a small business locally and i am ready to put the website live (hosting has been sorted already). however, the directory structure of the website requires some folders to be have restricted access.

e.g.

hostname/ [allow access]
hostname/Scripts [no access]
hostname/Admin [allow access]
hostname/Admin/Scripts [no access]

obviously, i want the .php pages associated with the website to have access to the hostname/Scripts or hostname/Admin/Scripts folders, but i dont want john doe typing in hostname/Scripts into his web browser and being able to view all the files in that directory.

Thanks in advance for any help that can be offered.
User avatar
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

Look into .htaccess files if you are using Apache.
User avatar
jyhm
Forum Contributor
Posts: 228
Joined: Tue Dec 19, 2006 10:08 pm
Location: Connecticut, USA
Contact:

Post by jyhm »

Would turning off indexing work?

Does your host use cPanel? On mine I click on a link that says index manager which disallows directory indexing but still enables scripts to access it. It even stops direct file access when you type in the filename directly.
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

Apache forum would be a lot better suited for your question. General discussion isn't even for asking questions. Grrr.

Anyway, to answer your question put something like this:

Code: Select all

Order deny, allow
Deny From all
in a .htaccess file in the directories you wish to protect.
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

I'd recommend redirecting to a 404 as opposed to turning indexing off.

That way it doesn't give confirmation the directory exists... a little security through obscurity.
sh33p1985
Forum Commoner
Posts: 78
Joined: Thu Mar 11, 2004 9:22 am

Post by sh33p1985 »

hosting is by http://www.fasthosts.co.uk, cant find any sign of .htaccess via ftp, and nothing resembling restricting access to folders from their control panel.

will try creating one and uploading it to see if the web server supports it or not.

assume it will support it, as im able to create custom error pages via the control panel.

/investigates
Last edited by sh33p1985 on Tue Jan 09, 2007 10:25 am, edited 2 times in total.
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

sh33p1985 wrote:hosting is by http://www.fasthosts.co.uk, cant find any sign of .htaccess via ftp, and nothing resembling restricting access to folders from their own site admin control panel.
You have to create one.
I'd recommend redirecting to a 404 as opposed to turning indexing off. That way it doesn't give confirmation the directory exists... a little security through obscurity.
Nice
sh33p1985
Forum Commoner
Posts: 78
Joined: Thu Mar 11, 2004 9:22 am

Post by sh33p1985 »

does support, it...

thanks for the help can work the rest out myself!
sh33p1985
Forum Commoner
Posts: 78
Joined: Thu Mar 11, 2004 9:22 am

Post by sh33p1985 »

one minor query, i get a directing listing denied by default on http://www.mydomain.co.uk (havent uploaded any .htaccess files yet). can i make this redirect to lets say http://www.mydomain.co.uk/welcome.php?
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

create a file called index.php in the document root directory and put this in it:

Code: Select all

<?php
header('Location: http://www.mydomain.co.uk/welcome.php');
There's certainly an apache based solution but I've always used PHP.
sh33p1985
Forum Commoner
Posts: 78
Joined: Thu Mar 11, 2004 9:22 am

Post by sh33p1985 »

ye its:

DirectoryIndex welcome.php
Post Reply