how to prevent dir "indexing" viewable?

Discussion in 'HTML' started by Noreen, Aug 29, 2005.

  1. Noreen

    Noreen Guest

    Hello,

    I notice that on certain web servers (cpanel), if anyone calls to a
    directory on your website, the browser will create a directory listing of
    all files in the folder - a bit of a security loophole.

    Is there any way to reconfig this aside from placing a dummy index file in
    every folder on your site? (I believe these are mostly apache running
    cpanel).

    thanks for any tips or comments.

    noreen w
    Noreen, Aug 29, 2005
    #1
    1. Advertising

  2. __/ On Monday 29 August 2005 03:51, [Noreen] wrote : \__

    > Hello,
    >
    > I notice that on certain web servers (cpanel)



    *NIX servers. cPanel is merely a front-end which simplifies management at
    file-level.


    > if anyone calls to a
    > directory on your website, the browser will create a directory listing of
    > all files in the folder - a bit of a security loophole.



    No. It's exactly what is intended to happen. If you wish for this behaviour
    to be stopped (e.g. you run a respectable business and have hidden pages),
    then:

    In cPanel 10 (maybe earlier too), find Index Manager down the bottom of the
    table; click item to deny listing; click directory icon to go a level
    deeper.


    > Is there any way to reconfig this aside from placing a dummy index file in
    > every folder on your site? (I believe these are mostly apache running
    > cpanel).



    I actually use dummy files too because it allows me to control how they
    appear (or /behave/). I can self-tailor messages to suit different
    directories. I also use visual (i.e. more informative) re-directions
    sometimes, e.g.

    <HTML>
    <HEAD>
    <link rel="stylesheet" href="/roy.css" type="text/css">
    <META HTTP-EQUIV="Refresh" CONTENT="1;URL=/proj.htm">
    <TITLE>Projects</TITLE>
    </HEAD>
    <BODY BGCOLOR=EEEEEE>
    <H1>Redirection</H1>
    You should shortly be redirected to the <B>Projects section</B>
    <P>If this does not happen, <a href="/proj.htm">click here</a></P>
    </BODY>
    </HTML>


    > thanks for any tips or comments.
    >
    > noreen w



    Hope it helps,

    Roy

    --
    Roy S. Schestowitz "Mod me up and I'll cherish you"
    http://Schestowitz.com
    Roy Schestowitz, Aug 29, 2005
    #2
    1. Advertising

  3. Noreen

    Toby Inkster Guest

    Roy Schestowitz wrote:
    > Noreen wrote:
    >
    >> I notice that on certain web servers (cpanel)

    >
    > *NIX servers.


    Apache servers.

    Apache behaves this way regardless of the platform -- be it Unix,
    Linux, Windows, Netware or even OS/2!

    (And there are many other non-Apache web servers that do this too.)

    --
    Toby A Inkster BSc (Hons) ARCS
    Contact Me ~ http://tobyinkster.co.uk/contact
    Toby Inkster, Aug 29, 2005
    #3
  4. Noreen

    Toby Inkster Guest

    Noreen wrote:

    > a bit of a security loophole.


    If directory indexes are a security loophole, you need to seriously
    rethink your security mechanism.

    --
    Toby A Inkster BSc (Hons) ARCS
    Contact Me ~ http://tobyinkster.co.uk/contact
    Toby Inkster, Aug 29, 2005
    #4
  5. __/ [Toby Inkster] on Monday 29 August 2005 11:11 \__

    > Roy Schestowitz wrote:
    >> Noreen wrote:
    >>
    >>> I notice that on certain web servers (cpanel)

    >>
    >> *NIX servers.

    >
    > Apache servers.
    >
    > Apache behaves this way regardless of the platform -- be it Unix,
    > Linux, Windows, Netware or even OS/2!
    >
    > (And there are many other non-Apache web servers that do this too.)


    I struggle to remember what I was thinking when I said that. I already knew
    that Apache runs on any platform (seen it in my own eyes), but wasn't too
    sure about cPanel, which is often associated with UNIX, at in my
    narrow-minded and Open Source-centric world. Thanks for correcting me.

    Roy
    Roy Schestowitz, Aug 29, 2005
    #5
  6. > Hello,
    >
    > I notice that on certain web servers (cpanel), if anyone calls to a directory
    > on your website, the browser will create a directory listing of all files in
    > the folder - a bit of a security loophole.
    >
    > Is there any way to reconfig this aside from placing a dummy index file in
    > every folder on your site? (I believe these are mostly apache running
    > cpanel).


    if you have access to your .htaccess file, a quick google search will
    show you these and more... look here....

    ( just randomly chosen from google results )
    http://www.arura.com/forums/index.php?showtopic=290
    http://www.webmasterworld.com/forum92/4441.htm
    http://www.clockwatchers.com/htaccess_dir.html

    I think this is what you are wanting in your .htaccess file....

    Options -Indexes

    --
    the beef jerky team :
    http://www.choicebeefjerky.com.au/distributors.html
    not a beef jerky web site : http://mycoolfish.com/vote.cmks
    freeball
    Disco Octopus, Aug 29, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andreas Klemt
    Replies:
    2
    Views:
    402
    Andreas Klemt
    Jul 24, 2003
  2. C
    Replies:
    0
    Views:
    495
  3. Emin
    Replies:
    4
    Views:
    408
    Paul McGuire
    Jan 12, 2007
  4. Skybuck Flying
    Replies:
    30
    Views:
    1,098
    Bill Reid
    Sep 19, 2011
  5. C
    Replies:
    3
    Views:
    218
    Manohar Kamath [MVP]
    Oct 17, 2003
Loading...

Share This Page