blocking access to directory tree.

[Steve]

A very easy way to do this is to create an empty file called index.html in 
every directory you don't want the contents viewable.  This is especially 
helpful when using interpreted languages such as php.  If you have a 
"includes" directory and for one reason or another the web server does not 
parse the .php file, it is very remotely possible someone could be lucky 
enough to see the text of an un-interpreted .php file.  WELL....  Apache 
handles file extensions in the order they are listed in the 
httpd.conf.  Most installations I have seen list index.htm and/or 
index.html before index.php.  So, in a given directory if there were an 
index.html and an index.php file the web server would dish up the 
index.html.  If it is an empty file or a symbolic link to an "you shouldn't 
be trying to look at this page" page, it would prevent the nosy user from 
seeing the directory contents or anything else.

The advantages to this lies in a situation where you do not have control 
over the web servers configuration.  It is also about as fast as can be 
because there are no rules for the web server to process.

I hope this make sense.  Even better would be it helped someone:)

Steve

>Hi Luau,
>
>I have a client who is worried about people accessing the
>directory tree on a website. He thinks they will type in the
>url without the viewed file to see it. He heard that you can
>edit the access.conf file to eiminate this.
>
>Is this an NT file? I have asked several Free BSD folk who
>don't know. Maybe somebody who is a Linux Guru may know.
>
>
>  Aloha! Al Plant -Webmaster http://hawaiidakine.com
>Providing FAST DSL Service for $28.80/mo.  Member Small
>Business Hawaii.
>Running Caldera Linux 2.4 & Free BSD 4.0 UNIX
>Support Open Source in Business and Computing.
>
>---
>You are currently subscribed to luau as: steve at iwsys.com
>To unsubscribe send a blank email to $subst('Email.Unsub')