How to prevent a file listing?

P

paul

Hi,

If I have a website with an 'images' folder then someone can navigate to the
folder with their browser and automatically a file listing appears, how can
I prevent that?

Thanks,

Paul
 
M

Mark Parnell

Previously in alt.html said:
If I have a website with an 'images' folder then someone can navigate to the
folder with their browser and automatically a file listing appears, how can
I prevent that?
Click to expand...

In the configuration on the server. If it's Apache, and you don't have
access to the main configuration file (usually httpd.conf), you may be
able to do it in your .htaccess file by adding the following line:

Options -Indexes
 
C

CptDondo

paul said:
Hi,

If I have a website with an 'images' folder then someone can navigate to the
folder with their browser and automatically a file listing appears, how can
I prevent that?
Click to expand...

You can also allow only browsers that identify themselves as being
referred by your site. if you run apache, put something like this in
the .htaccess file in the images directory. Note that this kind of
security is easily circumvented; it will prevent a casual browser from
accessing images but the referer is easily forged by anyone who is
determined....

This will also break some browsers. I've also found that the -Indexes
option breaks IE for some weird reason.... So I had to turn in back on....

Options +FollowSymlinks
Options +SymlinksIfOwnerMatch
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.xxxxxxx.com/.*$ [NC]
RewriteRule .*\.(jpg)$ - [F,L]
Options +Indexes
 
T

Toby Inkster

CptDondo said:
I've also found that the -Indexes option breaks IE for some weird
reason....
Click to expand...

You must have been mistaken/drunk/stupid that day. Turning off Directory
indexes effects all browsers equally.
 
C

CptDondo

Toby said:
CptDondo wrote:




You must have been mistaken/drunk/stupid that day. Turning off Directory
indexes effects all browsers equally.
Click to expand...

That's what I would have thought.... But one person with Japanese WinXP
and IE kept getting permission denied errors until I turned it back
on.... Worked fine on my Linux/Firefox workstation.... Maybe I'll do a
bit of testing once I get back on a WinXP box...
 
J

Jonathan N. Little

CptDondo said:
That's what I would have thought.... But one person with Japanese WinXP
and IE kept getting permission denied errors until I turned it back
on.... Worked fine on my Linux/Firefox workstation.... Maybe I'll do a
bit of testing once I get back on a WinXP box...
Click to expand...

If indexes are off then they SHOULD get a 403 Forbidden error on any
request to a site's sub directory without either a request explicitly
for an *existing* document in that directory or a default *index*
document. 403 error is generated bay the server, the browser has nothing
to do with it!

If the OP does not have access to the server configuration to turn off
indexes or and .htaccess to do the same then as previously suggested a
very simple solution is to put a index.html file in such folders with
warning message about improper access and a link back to your html
documents....
 
C

Captain Dondo

Jonathan said:
If indexes are off then they SHOULD get a 403 Forbidden error on any
request to a site's sub directory without either a request explicitly
for an *existing* document in that directory or a default *index*
document. 403 error is generated bay the server, the browser has nothing
to do with it!

If the OP does not have access to the server configuration to turn off
indexes or and .htaccess to do the same then as previously suggested a
very simple solution is to put a index.html file in such folders with
warning message about improper access and a link back to your html
documents....
Click to expand...

Maybe my recollection is wrong... But I remember it was a stumper... I
am using ModRewrite and there may have been some other things in there
that screwed it up...
 
J

Jonathan N. Little

Captain Dondo wrote:
Maybe my recollection is wrong... But I remember it was a stumper... I
am using ModRewrite and there may have been some other things in there
that screwed it up...
Click to expand...

That may be so, but since the this is done at the server-side all
browsers would receive the same error message, unless some conditional
base upon the user-agent...

Still the simplest is on server end turning off indexes: -Indexes in
[directory|virtual host|.htaccess]

or

adding an index.html doc in folders to prevent listing...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to prevent copying from your site 5
KML to CSV file conversion using Python and Windows Powershell 0
HTACCESS - prevent files from being downloaded via 'view source' 1
Listing events not showing when date is today. 4
Building and listing top scorers from 1
How to put loop result in csv file 1
How to save JSON Data to a file using fetch() api? 2
PHP failed to create file 13

Members online

Total: 38 (members: 4, guests: 34)
Robots: 442

Forum statistics

Threads
473,768
Messages
2,569,574
Members
45,050
Latest member
AngelS122

Latest Threads

Top