[PHP] restricting access to folders on server
i am using apache server and presently when i try accessing any folders of my website i am able to browse the files ex = www.website.com/images which is a serious security risk as i am building a forum website using php and mysql. in the root directory i have created a .htaccess file and whenever someone access a file which is not on the server i have created a user friendly message that the file does not exist instead of a 404 error message displayed by the browser. similar to this how can i go about restricting users to browse all my folders in the toot directory. if anyone accesses for ex = www.website.com/phpscripts an alert should appear asking them to enter a username and password. 1. how can i do this using apache. 2. where do i write the username and password information and will this apply to all the folders in the root directory or specific directories. please advice. thanks.
Re: [PHP] restricting access to folders on server
Sudhakar schrieb: i am using apache server and presently when i try accessing any folders of my website i am able to browse the files ex = www.website.com/images which is a serious security risk as i am building a forum website using php and mysql. in the root directory i have created a .htaccess file and whenever someone access a file which is not on the server i have created a user friendly message that the file does not exist instead of a 404 error message displayed by the browser. similar to this how can i go about restricting users to browse all my folders in the toot directory. if anyone accesses for ex = www.website.com/phpscripts an alert should appear asking them to enter a username and password. 1. how can i do this using apache. 2. where do i write the username and password information and will this apply to all the folders in the root directory or specific directories. please advice. thanks. Hey, I think that should be the right Thing for you: http://httpd.apache.org/docs/2.0/howto/auth.html Have a nice Day n3or -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] restricting access to folders on server
i am using apache server and presently when i try accessing any folders of my website i am able to browse the files ex = www.website.com/images which is a serious security risk as i am building a forum website using php and mysql. Assuming your images are for public consumption and that that dir only contains those images, then it's not a security risk. in the root directory i have created a .htaccess file and whenever someone access a file which is not on the server i have created a user friendly message that the file does not exist instead of a 404 error message displayed by the browser. similar to this how can i go about restricting users to browse all my folders in the toot directory. if anyone accesses for ex = www.website.com/phpscripts an alert should appear asking them to enter a username and password. You could put this in a .htaccess file: AuthType Basic AuthName Administration Area AuthUserFile acl/admin.acl Require valid-user acl/admin.acl is relative to the server root. You can create it using the htpasswd command. 2. where do i write the username and password information and will this apply to all the folders in the root directory or specific directories. If you put that in .htaccess file, it will apply to that directory and any subdirectories. -- Richard Heyes Employ me: http://www.phpguru.org/cv -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] restricting access to folders on server
On Mon, Mar 24, 2008 at 7:08 AM, Sudhakar [EMAIL PROTECTED] wrote: i am using apache server and presently when i try accessing any folders of my website i am able to browse the files ex = www.website.com/images which is a serious security risk as i am building a forum website using php and mysql. [snip!] 1. how can i do this using apache. 2. where do i write the username and password information and will this apply to all the folders in the root directory or specific directories. In addition to Richard's suggestion, you can also place a .htaccess file in each directory for which you don't want listing with this: Redirect Permanent index.php http://www.yourdomain.com/index.php That will automatically forward them to your homepage. Otherwise, you can turn off directory listing completely by explicitly stating it in your .htaccess file in your web root. It will work recursively for all directories in the web root. Limit GET POST PUT DELETE Order Deny,Allow Deny From All Options -Indexes /Limit In the future, though, please only post PHP-related questions to this list. Apache has its own user lists where you can ask these questions. -- /Daniel P. Brown Forensic Services, Senior Unix Engineer 1+ (570-) 362-0283 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
