
Protecting Your Server From Unwanted Directory Listings
-------------------------------------------------------
by Dirk Brockhausen
When a URL is called which isn't pointing to a file but merely to a directory, the server will look for the default documents.
These are defined in the server's configuration file.
Let's look at a practical example. A visitor enters the following URL in his or her web browser:
< http://yourdomain.com >
The webserver will expand the URL, depending on configuration, to:
< http://yourdomain.com/index.html >
< http://yourdomain.com/index.htm >
< http://yourdomain.com/default.htm >
< http://yourdomain.com/home.htm >
If none of the default documents is found, the web server will display the directory listing by default.
This, of course, will inadvertently reveal document names to your visitor which can then be downloaded directly, e.g.:
< http://yourdomain.com/private/private.html >
To protect against this unwanted display, a common approach is to copy a default document into each directory, e.g. "index.html".
The default document can be empty, even a file of 0 bytes will suffice.
Alternatively, you may configure the file to redirect the visitor via a meta refresh, e.g. to your home page file "index.html" in the main directory.
However, this protection measure is somewhat cumbersome, especially so if you have a multitude of directories to protect from snooping eyes.
A better method consists of configuring the web server accordingly. Drawing on the Apache web server configuration file "httpd.conf", we will now explain how to set about this.
old
===
...
Options Indexes FollowSymLinks MultiViews

new
===
...
Options FollowSymLinks MultiViews
Simply delete the option "Indexes", and you've solved the problem!
The .htaccess Method
--------------------
If you are on a system setup without access privilege to the web server but offering ".htaccess" functionality, the following entry in your ".htaccess" file will help you tackle the task:
Options -Indexes
Or, if you have already defined e.g. the Options:
Options +Includes +ExecCGI -Indexes
This rule applies to the directory in which the ".htaccess" is located as well as all subdirectories below.
In this manner, you can restrict directory display on your virtual domain, even if the server wide configuration permits it.
Conversely, this will also allow you to enable directory listing for specific directories, even if the server wide configuration does not permit it.
This can be useful in the case of directories featuring download files.
In this case, your ".htaccess" should have the following entry:
Options +Indexes
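To check an existing site against the rules above, the following added example (not part of the original article) walks a document root, applies each ".htaccess" Options line the way Apache merges them (signed entries adjust the inherited setting, an unsigned list replaces it), and reports the directories that would show a listing. It assumes the server honours Options in ".htaccess", that the default documents are the four named earlier, and that per-directory blocks in "httpd.conf" are not in play; the function names and the sample tree are illustrative.

```python
import os
import re
import tempfile

# Default documents from the article's example; align with your DirectoryIndex.
DEFAULT_DOCS = ("index.html", "index.htm", "default.htm", "home.htm")

def apply_options(indexes, htaccess_text):
    """Return the Indexes state after applying the Options lines of one .htaccess."""
    for m in re.finditer(r"(?im)^[ \t]*Options[ \t]+(.+)$", htaccess_text):
        words = [w.lower() for w in m.group(1).split()]
        if not any(w[0] in "+-" for w in words):
            # An unsigned list replaces the inherited options outright.
            indexes = "indexes" in words or "all" in words
        elif "+indexes" in words or "-indexes" in words:
            indexes = "+indexes" in words
    return indexes

def exposed_dirs(path, indexes=True, root=None):
    """List directories (relative to root) that would display a listing."""
    root = root or path
    htaccess = os.path.join(path, ".htaccess")
    if os.path.isfile(htaccess):
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            indexes = apply_options(indexes, fh.read())
    names = sorted(os.listdir(path))
    found = []
    if indexes and not any(doc in names for doc in DEFAULT_DOCS):
        found.append(os.path.relpath(path, root))
    for name in names:
        sub = os.path.join(path, name)
        if os.path.isdir(sub) and not os.path.islink(sub):
            found += exposed_dirs(sub, indexes, root)
    return found

def demo(server_indexes=True):
    """Build a constructed sample site in a temp directory and audit it."""
    layout = {"index.html": "", "private/private.html": "x",
              "downloads/.htaccess": "Options +Indexes\n", "downloads/a.zip": "",
              "images/.htaccess": "Options +Includes +ExecCGI -Indexes\n", "images/thumbs/a.png": ""}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in layout.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return exposed_dirs(root, server_indexes)

if __name__ == "__main__":
    print(demo())
```

Pass the server-wide setting as the second argument of exposed_dirs (True if "Indexes" is still in "httpd.conf") and review every reported directory that is not a deliberate download area.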
To modify the order in which the files in a given directory will be displayed, you can use the following parameters.
In the example below the listing of the main directory will be sorted:
< http://www.yourdomain.com/?N=A > Ascending - Sort by file name (default)
< http://www.yourdomain.com/?M=A > Ascending - Last modification date
< http://www.yourdomain.com/?S=A > Ascending - Size
< http://www.yourdomain.com/?D=A > Ascending - Description

< http://www.yourdomain.com/?N=D > Descending - Sort by file name (default)
< http://www.yourdomain.com/?M=D > Descending - Last modification date
< http://www.yourdomain.com/?S=D > Descending - Size
< http://www.yourdomain.com/?D=D > Descending - Description
This text may freely be republished or distributed in
unmodified form provided the following resource box is
included intact either at the beginning or the end of
the article and a complimentary copy or notice (link)
is sent to the author at the address specified below:
Ralph Tegtmeier is the co-founder and principal of
fantomaster.com GmbH (Belgium), < http://fantomaster.com/ >,
a company specializing in webmasters software development,
industrial-strength cloaking and search engine positioning
services.
He has been a web marketer since 1994 and is
editor-in-chief of fantomNews, a free newsletter
focusing on search engine optimization, available at:
< http://fantomaster.com/fantomnews-sub.html >
You can contact him at
mailto:fneditor@fantomaster.com
(c) copyright 2002 by fantomaster.com
All rights reserved.
Downloaded at: < http://fantomaster.com/ >
© 2004 HostWrap.com , All rights reserved.
Unauthorized duplication or publication of any materials from this Site is expressly prohibited.