Securing open directories on a website
December 1, 2004 9:26 PM

Securing a website: I just bought a domain and some web space. My immediate question is: how do I "close" my directories, so that everyone in the world can't browse them just by typing in the directory URL. My larger question is: what are the best practices for securing a website or a weblog?

I know that securing an open directory is simple, and yes, I'm embarrassed to be asking, but my google-fu has failed me. Aside from some references to using .htaccess to restrict access to a directory to a set of users, I'm coming up dry.

More generally, however, I'd like any tips or suggestions drawn from practical experience regarding what I should do to lock things down.

Thanks in advance.
posted by gd779 to Computers & Internet (9 answers total)
 
Best answer: Options -Indexes
posted by nicwolff at 9:50 PM on December 1, 2004


Response by poster: Thanks, nicwolff, that's just what I was looking for. My directories are no longer open to the world.
posted by gd779 at 10:03 PM on December 1, 2004


If you want more info on what else you can do with .htaccess, this site may help.

As for what you should do, only allow files to be writeable that absolutely need to be writeable, and of course keep up with your blog software's security upgrades. I don't know anything about the database end, so perhaps others may want to give advice there.
posted by ontic at 10:23 PM on December 1, 2004


If .htaccess doesn't work on your server, just create a blank index.html file.
posted by MiG at 12:42 AM on December 2, 2004


What does the blank index.html do? How does it work? I've created a personal website with some pics and stuff, but have been thinking of adding content only family members with a password can read. Is that very difficult to do? Also, what do you need to do to have a link to a directory automatically forward to an html page? (I understand these are terribly neophyte questions, and if you want to flame away, fine, but I thought this would be a good thread to ask.)
posted by Doohickie at 6:53 AM on December 2, 2004


What does the blank index.html do?
-- nothing. it's blank. but assuming yr webserver is apache or apache-like, its existence will cause the "blankness" to display rather than a directory listing.

Is that (pw protection) very difficult to do?
-- it can be simple or complex depending on yr needs. the easiest way is probably to read ontic's link and then follow these htaccess instructions.

Also, what do you need to do to have a link to a directory automatically forward to an html page?
-- i don't understand the question. a google search on 'redirects' may help though.
posted by danOstuporStar at 7:30 AM on December 2, 2004
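
An added example, not part of any post in this thread: a Python audit that walks a local copy of a site and reports the directories Apache would still show as a file listing, combining the two fixes given above (`Options -Indexes` in .htaccess, or an index.html in the directory). It assumes the host's default leaves Indexes on, that .htaccess is allowed to override Options, and that DirectoryIndex is index.html or index.htm; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
INDEX_NAMES = ("index.html", "index.htm")  # assumed DirectoryIndex value

def indexes_setting(htaccess_path):
    """True/False if this .htaccess turns Indexes on/off, None if it is silent."""
    state = None
    with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            name, *opts = line.lower().split() or [""]
            if name != "options":
                continue  # blank line, comment, or another directive
            if {"+indexes", "indexes", "all"} & set(opts):
                state = True
            elif "-indexes" in opts or (opts and all(o[0] not in "+-" for o in opts)):
                state = False  # an absolute list without Indexes also turns it off
    return state

def listing_enabled(directory, docroot, server_default=True):
    """The nearest .htaccess (walking up to docroot) that sets Indexes decides."""
    current, docroot = os.path.abspath(directory), os.path.abspath(docroot)
    while True:
        candidate = os.path.join(current, ".htaccess")
        state = indexes_setting(candidate) if os.path.isfile(candidate) else None
        if state is not None:
            return state
        if current == docroot or os.path.dirname(current) == current:
            return server_default  # assumption: the host default leaves Indexes on
        current = os.path.dirname(current)

def browsable_dirs(docroot):
    """Directories under docroot that Apache would render as a file listing."""
    return sorted(os.path.relpath(path, docroot)
                  for path, _dirs, files in os.walk(docroot)
                  if not any(n in files for n in INDEX_NAMES)
                  and listing_enabled(path, docroot))

def build_sample_site(root):  # constructed sample tree, not from the thread
    for rel in ("photos", "family/private", "blog", "downloads"):
        os.makedirs(os.path.join(root, rel))
    for rel, text in (("index.html", ""), ("blog/index.html", ""),
                      ("family/.htaccess", "Options -Indexes\n")):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        print(browsable_dirs(site))
```

Turning listings off only hides the index: files in those directories are still served to anyone who requests the exact URL, so content meant for family only still needs the password protection discussed in the thread.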


"Also, what do you need to do to have a link to a directory automatically forward to an html page?"

Instructions here.
posted by smackfu at 7:43 AM on December 2, 2004


Response by poster: .htaccess is working fine on my server. Is there anything else I need to be aware of, other than "don't leave directories open"?
posted by gd779 at 8:57 AM on December 2, 2004


The scripts that are running on your site will be a much larger security concern. Try to only use third party scripts and applications that seem to be used by lots of people. They'll be more likely to have security updates and alerts.

So if you use blogs or discussion boards, try to poke around for mentions of security problems.
posted by y6y6y6 at 9:37 AM on December 2, 2004

