I’ve got a site running on my local machine (apache) and I’m wondering if any of you could tell me how to block access to the parent folder. I’m assuming it’s something in httpd.conf ?
For example in my htdocs folder I have the ‘mysite’ directory and within that folder page1, page2, page2 etc… I do not want someone to be able to enter example.com – they should only be able to access example.com/mysite and any sub directory.
Any help would be much appreciated!
PS: I’ve got the site running on localhost and accessible publicly via dynamic DNS name. This is for a course and that is how we’ve been asked to configure it. I just don’t want people to be able to see everything in my localhost but don't want to turn directory browsing off for any sub folders.
You can put an index.php file in that top directory with something like:
PHP Code:
<?php header("HTTP/1.0 404 Not Found");
Then make sure your Apache config will process that as the default file, e.g.:
Code:
DirectoryIndex index.php index.html index.htm
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
Of course that doesn't restrict access to the parent directory, it just gives a 404 error if somebody tries to go to that directory without a file specified - like http://example.com.
If you've got an asset in there like myimage.gif then people will still be able to access it by typing in http://example.com/myimage.gif.
If you've got stuff in the web root directory that you don't want outsiders to access, then preventing them from accessing it is simple - don't put it in the web root! Stick it in some folder above the web root.
I've switched careers...
I'm NO LONGER a scientist,
but now a web developer...
awesome.
You can put an index.php file in that top directory with something like:
I think that would be the simplest route so probably what I'll end up doing!
Originally Posted by aj_nsc
Of course that doesn't restrict access to the parent directory, it just gives a 404 error if somebody tries to go to that directory without a file specified - like http://example.com.
If you've got an asset in there like myimage.gif then people will still be able to access it by typing in http://example.com/myimage.gif.
This was actually the problem that I was trying to avoid. I don't want them to be able to go to example.com/some_other_folder_or_file if they know that the path exists. Anyhow I think I'll just work with this for now.
I'll use both suggestions; index.php in document root and the rest of the folders in other dirs.
With a htaccess file you are able to deny access..If you have a htaccess file with the following content:
Code:
deny from all
No one will be able to access the content in that folder by browser.
Although it will be possible to include it.
Hey that is great thanks and I think that would work well.
Would they be able to access any sub-folders in that directory? For example I only want them to be able to view example.com/mysite1 - if I have example.com/mysite2 would they be able to see that or are they simply blocked from seeing the contents of example.com/
Hey that is great thanks and I think that would work well.
Would they be able to access any sub-folders in that directory? For example I only want them to be able to view example.com/mysite1 - if I have example.com/mysite2 would they be able to see that or are they simply blocked from seeing the contents of example.com/
I think they are able to see subfolders. But I'm not sure about that.
Reply With Quote
Originally Posted by NogDog
Bookmarks