how to prevent dir "indexing" viewable?

[Noreen]

Hello,

I notice that on certain web servers (cpanel), if anyone calls to a
directory on your website, the browser will create a directory listing of
all files in the folder - a bit of a security loophole.

Is there any way to reconfig this aside from placing a dummy index file in
every folder on your site? (I believe these are mostly apache running
cpanel).

thanks for any tips or comments.

noreen w

 

[Roy Schestowitz]

__/ On Monday 29 August 2005 03:51, [Noreen] wrote : \__

Hello,

I notice that on certain web servers (cpanel)

*NIX servers. cPanel is merely a front-end which simplifies management at
file-level.

if anyone calls to a
directory on your website, the browser will create a directory listing of
all files in the folder - a bit of a security loophole.

No. It's exactly what is intended to happen. If you wish for this behaviour
to be stopped (e.g. you run a respectable business and have hidden pages),
then:

In cPanel 10 (maybe earlier too), find Index Manager down the bottom of the
table; click item to deny listing; click directory icon to go a level
deeper.

Is there any way to reconfig this aside from placing a dummy index file in
every folder on your site? (I believe these are mostly apache running
cpanel).

I actually use dummy files too because it allows me to control how they
appear (or /behave/). I can self-tailor messages to suit different
directories. I also use visual (i.e. more informative) re-directions
sometimes, e.g.

<HTML>
<HEAD>
<link rel="stylesheet" href="/roy.css" type="text/css">
<META HTTP-EQUIV="Refresh" CONTENT="1;URL=/proj.htm">
<TITLE>Projects</TITLE>
</HEAD>
<BODY BGCOLOR=EEEEEE>
<H1>Redirection</H1>
You should shortly be redirected to the <B>Projects section</B>
<P>If this does not happen, <a href="/proj.htm">click here</a></P>
</BODY>

thanks for any tips or comments.

noreen w

Hope it helps,

Roy

 

[Toby Inkster]

*NIX servers.

Apache servers.

Apache behaves this way regardless of the platform -- be it Unix,
Linux, Windows, Netware or even OS/2!

(And there are many other non-Apache web servers that do this too.)

 

[Toby Inkster]

a bit of a security loophole.

If directory indexes are a security loophole, you need to seriously
rethink your security mechanism.

 

[Roy Schestowitz]

__/ [Toby Inkster] on Monday 29 August 2005 11:11 \__

Apache servers.

Apache behaves this way regardless of the platform -- be it Unix,
Linux, Windows, Netware or even OS/2!

(And there are many other non-Apache web servers that do this too.)

I struggle to remember what I was thinking when I said that. I already knew
that Apache runs on any platform (seen it in my own eyes), but wasn't too
sure about cPanel, which is often associated with UNIX, at in my
narrow-minded and Open Source-centric world. Thanks for correcting me.

Roy

 

[Disco Octopus]

Hello,

I notice that on certain web servers (cpanel), if anyone calls to a directory
on your website, the browser will create a directory listing of all files in
the folder - a bit of a security loophole.

Is there any way to reconfig this aside from placing a dummy index file in
every folder on your site? (I believe these are mostly apache running
cpanel).

if you have access to your .htaccess file, a quick google search will
show you these and more... look here....

( just randomly chosen from google results )
http://www.arura.com/forums/index.php?showtopic=290
http://www.webmasterworld.com/forum92/4441.htm
http://www.clockwatchers.com/htaccess_dir.html

I think this is what you are wanting in your .htaccess file....

Options -Indexes