How do you disable access to a root directory on a web server?
March 2, 2009 12:14 PM
How do you disable access to a root directory on a web server?
We have individual files that we're happy to let people download, but we don't necessarily want them going to the root directory to download all the files.
e.g.
http://www.example.com/files/filenumber1.jpg (okay)
http://www.example.com/files/ (not okay)
Can anybody point me in the right direction so that a user who tries the second URL is denied access? Should we be looking in httaccess? cpanel? Somewhere else? I was surprised to not find an answer after Googling around.
We have individual files that we're happy to let people download, but we don't necessarily want them going to the root directory to download all the files.
e.g.
http://www.example.com/files/filenumber1.jpg (okay)
http://www.example.com/files/ (not okay)
Can anybody point me in the right direction so that a user who tries the second URL is denied access? Should we be looking in httaccess? cpanel? Somewhere else? I was surprised to not find an answer after Googling around.
You could do it with .htaccess, providing you are using an Apache server, or the like. You could also simply put an empty file in that directory, named index.php, or index.htm, as that will be all a normal visitor can see.
posted by ijsbrand at 12:21 PM on March 2, 2009
posted by ijsbrand at 12:21 PM on March 2, 2009
Fast and easy way is to put an index.html in that directory with either no content or some message.
The more correct answer is to use .htaccess and turn indexes off. This assumes you are using Apache as a web server.
http://httpd.apache.org/docs/2.0/mod/core.html#options
This can be in your .htaccess if the server is configured to allow this in your .htaccess.
posted by advicepig at 12:26 PM on March 2, 2009
The more correct answer is to use .htaccess and turn indexes off. This assumes you are using Apache as a web server.
http://httpd.apache.org/docs/2.0/mod/core.html#options
This can be in your .htaccess if the server is configured to allow this in your .htaccess.
posted by advicepig at 12:26 PM on March 2, 2009
These approaches won't prevent users from downloading files whose names they guess (which may or may not be relevant, depending on how guessable the names are and how sensitive the content is.) You might want to put the files intended for the public in their own subdirectory (which could be filled with symbolic links to the real files, if you like.)
posted by Zed at 12:38 PM on March 2, 2009
posted by Zed at 12:38 PM on March 2, 2009
Excellent! These were all very helpful and right on the money. I used the Options -Indexes in the .htaccess file and it solved the problem. Thank you for your help!
posted by jrholt at 5:12 PM on March 2, 2009
posted by jrholt at 5:12 PM on March 2, 2009
This thread is closed to new comments.
Options -Indexes
posted by Jairus at 12:19 PM on March 2, 2009