www.webdeveloper.com
Results 1 to 7 of 7

Thread: Restricting Access to Parent Folder (Apache)

  1. #1
    Join Date
    Nov 2010
    Posts
    24

    Restricting Access to Parent Folder (Apache)

    Hello,

    Ive got a site running on my local machine (apache) and Im wondering if any of you could tell me how to block access to the parent folder. Im assuming its something in httpd.conf ?

    For example in my htdocs folder I have the mysite directory and within that folder page1, page2, page2 etc I do not want someone to be able to enter example.com they should only be able to access example.com/mysite and any sub directory.

    Any help would be much appreciated!

    PS: Ive got the site running on localhost and accessible publicly via dynamic DNS name. This is for a course and that is how weve been asked to configure it. I just dont want people to be able to see everything in my localhost but don't want to turn directory browsing off for any sub folders.

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,330
    You can put an index.php file in that top directory with something like:
    PHP Code:
    <?php
    header
    ("HTTP/1.0 404 Not Found");
    Then make sure your Apache config will process that as the default file, e.g.:
    Code:
    DirectoryIndex index.php index.html index.htm
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Dec 2005
    Posts
    2,984
    Of course that doesn't restrict access to the parent directory, it just gives a 404 error if somebody tries to go to that directory without a file specified - like http://example.com.

    If you've got an asset in there like myimage.gif then people will still be able to access it by typing in http://example.com/myimage.gif.

    If you've got stuff in the web root directory that you don't want outsiders to access, then preventing them from accessing it is simple - don't put it in the web root! Stick it in some folder above the web root.
    I've switched careers...
    I'm NO LONGER a scientist,
    but now a web developer...
    awesome.

  4. #4
    Join Date
    Nov 2010
    Posts
    24
    Thanks for the replies guys!!

    Quote Originally Posted by NogDog View Post
    You can put an index.php file in that top directory with something like:
    I think that would be the simplest route so probably what I'll end up doing!

    Quote Originally Posted by aj_nsc View Post
    Of course that doesn't restrict access to the parent directory, it just gives a 404 error if somebody tries to go to that directory without a file specified - like http://example.com.

    If you've got an asset in there like myimage.gif then people will still be able to access it by typing in http://example.com/myimage.gif.
    This was actually the problem that I was trying to avoid. I don't want them to be able to go to example.com/some_other_folder_or_file if they know that the path exists. Anyhow I think I'll just work with this for now.

    I'll use both suggestions; index.php in document root and the rest of the folders in other dirs.

    Thanks again!

  5. #5
    Join Date
    Apr 2012
    Posts
    38
    With a htaccess file you are able to deny access..
    If you have a htaccess file with the following content:

    Code:
    deny from all
    No one will be able to access the content in that folder by browser.
    Although it will be possible to include it.

  6. #6
    Join Date
    Nov 2010
    Posts
    24
    Quote Originally Posted by GettingSmart View Post
    With a htaccess file you are able to deny access..If you have a htaccess file with the following content:

    Code:
    deny from all
    No one will be able to access the content in that folder by browser.
    Although it will be possible to include it.
    Hey that is great thanks and I think that would work well.

    Would they be able to access any sub-folders in that directory? For example I only want them to be able to view example.com/mysite1 - if I have example.com/mysite2 would they be able to see that or are they simply blocked from seeing the contents of example.com/

  7. #7
    Join Date
    Apr 2012
    Posts
    38
    Quote Originally Posted by MaxAvion View Post
    Hey that is great thanks and I think that would work well.

    Would they be able to access any sub-folders in that directory? For example I only want them to be able to view example.com/mysite1 - if I have example.com/mysite2 would they be able to see that or are they simply blocked from seeing the contents of example.com/
    I think they are able to see subfolders. But I'm not sure about that.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles