Warning: Undefined array key "birthday_search" in phar://.../vb/vb.phar/api/user.php on line 1 Warning: Undefined array key "joindate" in phar://.../vb/vb.phar/api/user.php on line 1 Warning: Undefined array key "posts" in phar://.../vb/vb.phar/api/user.php on line 1 Warning: Undefined array key "posts" in phar://.../vb/vb.phar/api/user.php on line 1 Warning: Undefined array key "userid" in phar://.../vb/vb.phar/api/user.php on line 1 Warning: Undefined array key "userid" in phar://.../vb/vb.phar/api/user.php on line 1 Warning: Undefined array key "privacy_options" in phar://.../vb/vb.phar/api/user.php on line 1 Warning: Undefined array key "userid" in phar://.../vb/vb.phar/library/user.php on line 2 Warning: Undefined array key "userid" in phar://.../vb/vb.phar/library/user.php on line 2 Warning: Undefined array key "lastactivity" in phar://.../vb/vb.phar/library/user.php on line 2 Warning: Trying to access array offset on value of type bool in .../vb5/route/profile.php on line 74 Disabling Indexes - ResellersPanel Discussion

Announcement

Collapse
No announcement yet.

Disabling Indexes

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Disabling Indexes

    Hi,

    Anyone who uses RSP hosting accounts, have you tried disabling indexes?
    Options -Indexes cannot be used for security reasons, but I'm looking for another method of disabling indexes in my hosting account.

    Reason is my website has dynamically created directories, which means I can't put a blank index.html in all of them, and its a security hazard for my directories to be viewable.

    Anyone got any suggestions or another solution for me?

    Cheers,
    Leigh

  • #2
    ...

    I don't think I am completely following you with saying using indexes are a security risk and are not allowed. I used index files all over my file structure to ensure prying eyes are directed to a blank page instead of publicly being able to view my directory in their browsers..

    Now I seen you mention that you have dynamically created directories. This would mean that a script you run or cron job creates new directories. And I am guessing that when you're new directory is created it lacks a index.html file being created to stop people from directory browsing.

    Ok well if those statements are true then either you would have to program into the script to create an index.html file along with the new dynamic directory or use htaccess commands. You would need to use such commands that would still allow users to grab the files they need from that directory but at the same time not be prompted for a password while doing it.. Hopefully I am not way off base here with that assumption.

    Here is an example of .htaccess file that for example allows files to be downloaded from the folder but does not allow anyone to browse the actual directory itself.

    /download/.htaccess

    Code:
    AuthType Basic
    AuthName "No access"
    AuthUserFile .htnopasswd
    AuthGroupFile /dev/null
    Require valid-user
    I would imagine you would want something like that in the directory that comes directly before the dynamically created ones in your file structure. This type of code may require user sessions though as I am unsure.. It would be worth experimenting with see if you can accomplish what you are looking for. But for example if this .htaccess file is located in root/download/.htaccess I would still be able to download items from the download folder but if I typed root-domain/download/ into my browser it would not allow access so that users can not see all the download files via directory browsing.. Sorry if I did not understand you correctly but this is what I use to accomplish what I think your saying.

    Comment


    • #3
      Thanks, that unfortunately blocked all access to the files, so I found this:

      IndexIgnore *


      An index page still gets displayed, but atleast there are no files displayed in it .

      Comment


      • #4
        Originally posted by Wicked View Post
        don't think I am completely following you with saying using indexes are a security risk and are not allowed. I used index files all over my file structure to ensure prying eyes are directed to a blank page instead of publicly being able to view my directory in their browsers..
        I don't quite understand. Do you mean that if you don't put an index, someone browsing www.yourwebsite.com/images would be able to see all your image files or something like that?

        Comment


        • #5
          Originally posted by drummerboy View Post
          I don't quite understand. Do you mean that if you don't put an index, someone browsing www.yourwebsite.com/images would be able to see all your image files or something like that?

          Correct drummerboy.

          Comment


          • #6
            Ooh, I would like to read learn more about it. What are the keywords that I can use to search about these in the search engines?

            Comment


            • #7
              Originally posted by drummerboy View Post
              Ooh, I would like to read learn more about it. What are the keywords that I can use to search about these in the search engines?
              Apache, Indexes, Options

              Comment


              • #8
                You could set permissions to 711 (CHMOD) on the folder. That should prevent directory indexing/listing, as well as files inside the folder still are accessable.
                Last edited by Guest; 23-05-2007, 11:57 AM.

                Comment


                • #9
                  Originally posted by JohnQ View Post
                  You could set permissions to 711 (CHMOD) on the folder. That should prevent indexing too, as well as files inside the folder are accessable.
                  You're currently talking about search engines right? We're talking about humans doing/viewing it.

                  Comment


                  • #10
                    Originally posted by drummerboy View Post
                    You're currently talking about search engines right? We're talking about humans doing/viewing it.
                    No, I'm talking about humans. E.g. you have a directory yourdomain.com/images/ and don't want people to view the content of this folder through a browser, but still be able to link to files inside it. Isn't that what you were talking about?

                    Comment


                    • #11
                      Originally posted by JohnQ View Post
                      No, I'm talking about humans. E.g. you have a directory yourdomain.com/images/ and don't want people to view the content of this folder through a browser, but still be able to link to files inside it. Isn't that what you were talking about?
                      That is what I am talking about correct. Humans it is.

                      Comment


                      • #12
                        Then just set the permissions at the same time you create the directory.

                        Comment


                        • #13
                          Originally posted by JohnQ View Post
                          You could set permissions to 711 (CHMOD) on the folder. That should prevent directory indexing/listing, as well as files inside the folder still are accessable.
                          That means even search engines wouldn't be able to index(see) it right? Is that good or bad? Besides that, I've also seen some websites when you try to access www.yourwebsite.com/images , it'll automatically direct you to their main homepage. Do you know how they do that?
                          Last edited by drummerboy; 23-05-2007, 03:10 PM.

                          Comment


                          • #14
                            Is there any reason you don't just put an empty HTML file in it naming index.htm ?

                            That way you just get a plain white page.

                            Comment


                            • #15
                              You could use a redirection and have links on page then redirect person to what ever page you want.

                              Comment

                              Working...
                              X