Restricting Access to Parent Folder (Apache)
Iíve got a site running on my local machine (apache) and Iím wondering if any of you could tell me how to block access to the parent folder. Iím assuming itís something in httpd.conf ?
For example in my htdocs folder I have the Ďmysiteí directory and within that folder page1, page2, page2 etcÖ I do not want someone to be able to enter example.com Ė they should only be able to access example.com/mysite and any sub directory.
Any help would be much appreciated!
PS: Iíve got the site running on localhost and accessible publicly via dynamic DNS name. This is for a course and that is how weíve been asked to configure it. I just donít want people to be able to see everything in my localhost but don't want to turn directory browsing off for any sub folders.
You can put an index.php file in that top directory with something like:
Then make sure your Apache config will process that as the default file, e.g.:
header("HTTP/1.0 404 Not Found");
DirectoryIndex index.php index.html index.htm
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
How to Ask Questions the Smart Way
(not affiliated with this site, but well worth reading)
Of course that doesn't restrict access to the parent directory, it just gives a 404 error if somebody tries to go to that directory without a file specified - like http://example.com.
If you've got an asset in there like myimage.gif then people will still be able to access it by typing in http://example.com/myimage.gif.
If you've got stuff in the web root directory that you don't want outsiders to access, then preventing them from accessing it is simple - don't put it in the web root! Stick it in some folder above the web root.
I've switched careers...
I'm NO LONGER a scientist,
but now a web developer...
Thanks for the replies guys!!
I think that would be the simplest route so probably what I'll end up doing!
Originally Posted by NogDog
This was actually the problem that I was trying to avoid. I don't want them to be able to go to example.com/some_other_folder_or_file if they know that the path exists. Anyhow I think I'll just work with this for now.
Originally Posted by aj_nsc
I'll use both suggestions; index.php in document root and the rest of the folders in other dirs.
With a htaccess file you are able to deny access..
If you have a htaccess file with the following content:
No one will be able to access the content in that folder by browser.
Although it will be possible to include it.
Hey that is great thanks and I think that would work well.
Originally Posted by GettingSmart
Would they be able to access any sub-folders in that directory? For example I only want them to be able to view example.com/mysite1 - if I have example.com/mysite2 would they be able to see that or are they simply blocked from seeing the contents of example.com/
I think they are able to see subfolders. But I'm not sure about that.
Originally Posted by MaxAvion
Users Browsing this Thread
There are currently 2 users browsing this thread. (0 members and 2 guests)