Best way to protect Web Folder Access?

Portal Home > Knowledgebase > Articles Database > Best way to protect Web Folder Access?

Posted by thefandango, 09-12-2008, 06:06 PM
Hi This may be a basic question so apologies. I have had a website developed a while back and have today noticed during some final work that I can access all folders on the site. For example if I type in www.mysite.com/xinha I can see all the xinha configuration files. It is the same for my javascript folder etc. Obviously this is not good! If I merely place an index.html into each folder while that be sufficient to block access? Or do I need to use htaccess? If so, what is the basic htaccess wording I would need to stop outside access? Thanks.
Posted by TheITAdvisory, 09-12-2008, 08:41 PM
index.html will be sufficient enough unless the person knows the exact file name they want to look for, like admin.config or something. If you have an admins directory, or files ina folder you dont want anyone to access, a .htaccess is needed. .htaccess howto: http://www.besthostratings.com/articles/htaccess.html You can also chmod the directory
Posted by bear, 09-12-2008, 09:25 PM
Just add an .htaccess file in the root directory, and in it place this: Options -Indexes That will (depending on your server configuration) give a forbidden error if someone tries to access a folder directly that doesn't have an index file, instead of showing a list of files (index).
Posted by thefandango, 09-13-2008, 07:47 AM
thanks guys. I have bunged in some index files. I think once my site is ready for public launch I am going to need a security/admin expert to take a look over my site and server!