Page 1 of 1
Deploying a website
Posted: Mon Jan 08, 2007 11:46 am
by sh33p1985
ok, this might sound like a ridiculously amateur question, but in reality ive never actually done this for an actual business website, only personal projects where my deployment requirements werent so important.
ive finished developing a website for a small business locally and i am ready to put the website live (hosting has been sorted already). however, the directory structure of the website requires some folders to be have restricted access.
e.g.
hostname/ [allow access]
hostname/Scripts [no access]
hostname/Admin [allow access]
hostname/Admin/Scripts [no access]
obviously, i want the .php pages associated with the website to have access to the hostname/Scripts or hostname/Admin/Scripts folders, but i dont want john doe typing in hostname/Scripts into his web browser and being able to view all the files in that directory.
Thanks in advance for any help that can be offered.
Posted: Mon Jan 08, 2007 11:59 am
by jayshields
Look into .htaccess files if you are using Apache.
Posted: Mon Jan 08, 2007 12:01 pm
by jyhm
Would turning off indexing work?
Does your host use cPanel? On mine I click on a link that says index manager which disallows directory indexing but still enables scripts to access it. It even stops direct file access when you type in the filename directly.
Posted: Mon Jan 08, 2007 12:44 pm
by Ollie Saunders
Apache forum would be a lot better suited for your question. General discussion isn't even for asking questions. Grrr.
Anyway, to answer your question put something like this:
in a .htaccess file in the directories you wish to protect.
Posted: Mon Jan 08, 2007 2:47 pm
by m3mn0n
I'd recommend redirecting to a 404 as opposed to turning indexing off.
That way it doesn't give confirmation the directory exists... a little security through obscurity.
Posted: Tue Jan 09, 2007 10:17 am
by sh33p1985
hosting is by
http://www.fasthosts.co.uk, cant find any sign of .htaccess via ftp, and nothing resembling restricting access to folders from their control panel.
will try creating one and uploading it to see if the web server supports it or not.
assume it will support it, as im able to create custom error pages via the control panel.
/investigates
Posted: Tue Jan 09, 2007 10:20 am
by Ollie Saunders
sh33p1985 wrote:hosting is by
http://www.fasthosts.co.uk, cant find any sign of .htaccess via ftp, and nothing resembling restricting access to folders from their own site admin control panel.
You have to create one.
I'd recommend redirecting to a 404 as opposed to turning indexing off. That way it doesn't give confirmation the directory exists... a little security through obscurity.
Nice
Posted: Tue Jan 09, 2007 10:38 am
by sh33p1985
does support, it...
thanks for the help can work the rest out myself!
Posted: Tue Jan 09, 2007 10:54 am
by sh33p1985
one minor query, i get a directing listing denied by default on
http://www.mydomain.co.uk (havent uploaded any .htaccess files yet). can i make this redirect to lets say
http://www.mydomain.co.uk/welcome.php?
Posted: Tue Jan 09, 2007 11:06 am
by Ollie Saunders
create a file called index.php in the document root directory and put this in it:
Code: Select all
<?php
header('Location: http://www.mydomain.co.uk/welcome.php');
There's certainly an apache based solution but I've always used PHP.
Posted: Tue Jan 09, 2007 11:25 am
by sh33p1985
ye its:
DirectoryIndex welcome.php