Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Block /includes/ directory listing access?


olimits7

Recommended Posts

Hi,

 

I just noticed that if I go to "www.domain.com/includes/" I can see my directory listing of the /includes/ directory; how can I block this directory listing access from the public??

 

Thank you,

 

olimits7

Link to comment
Share on other sites

Hi,

 

I just noticed that if I go to "www.domain.com/includes/" I can see my directory listing of the /includes/ directory; how can I block this directory listing access from the public??

 

Thank you,

 

olimits7

 

# $Id: .htaccess 1739 2007-12-20 00:52:16Z hpdl $
#
# This is used with Apache WebServers
# The following blocks direct HTTP requests in this directory recursively
#
# For this to work, you must include the parameter 'Limit' to the AllowOverride configuration
#
# Example:
#
#<Directory "/usr/local/apache/htdocs">
#  AllowOverride Limit
#
# 'All' with also work. (This configuration is in your apache/conf/httpd.conf file)
#
# This does not affect PHP include/require functions
#
# Example: [url="http://server/catalog/includes/application_top.php"]http://server/catalog/includes/application_top.php[/url] will not work

<Files *.php>
Order Deny,Allow
Deny from all
</Files>

 

you should have a .htaccess file in your includes directory.

copy the above create your .htaccess file and upload to your includes folder

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

There are at least three choices for an Apache server (uses .htaccess)

 

1) Options -Indexes in your .htaccess file to block all listings in all directories

2) blank or dummy index.html file in each directory you don't want listed (that doesn't otherwise have an index file)

3) dummy "move along folks, there's nothing to see here" page in one place, with DirectoryIndex line in your .htaccess that lists this dummy file with a fixed location (e.g., /noPeek.html) as the last fallback

 

Option 2 should work on an IIS (Windows) server, and there may be other options.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...