blocking access to directory tree.

Deven Phillips dphillips at viata.com
Thu Apr 26 11:10:34 PDT 2001


A better method for this particular situation with PHP is to define an
includes path in the php.ini file that is outside of the web tree. This
allows you to store your important code where no one can ever get to it,
even if they compromise your webserver's security configuration.

Steve wrote:
> 
> A very easy way to do this is to create an empty file called index.html in
> every directory you don't want the contents viewable.  This is especially
> helpful when using interpreted languages such as php.  If you have a
> "includes" directory and for one reason or another the web server does not
> parse the .php file, it is very remotely possible someone could be lucky
> enough to see the text of an un-interpreted .php file.  WELL....  Apache
> handles file extensions in the order they are listed in the
> httpd.conf.  Most installations I have seen list index.htm and/or
> index.html before index.php.  So, in a given directory if there were an
> index.html and an index.php file the web server would dish up the
> index.html.  If it is an empty file or a symbolic link to a "you shouldn't
> be trying to look at this page" page, it would prevent the nosy user from
> seeing the directory contents or anything else.
> 
> The advantage to this lies in a situation where you do not have control
> over the web server's configuration.  It is also about as fast as can be
> because there are no rules for the web server to process.
> 
> I hope this makes sense.  Even better would be if it helped someone :)
> 
> Steve
> 
> >Hi Luau,
> >
> >I have a client who is worried about people accessing the
> >directory tree on a website. He thinks they will type in the
> >url without the viewed file to see it. He heard that you can
> >edit the access.conf file to eliminate this.
> >
> >Is this an NT file? I have asked several Free BSD folk who
> >don't know. Maybe somebody who is a Linux Guru may know.
> >
> >
> >  Aloha! Al Plant -Webmaster http://hawaiidakine.com
> >Providing FAST DSL Service for $28.80/mo.  Member Small
> >Business Hawaii.
> >Running Caldera Linux 2.4 & Free BSD 4.0 UNIX
> >Support Open Source in Business and Computing.
> >

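A check for the include-path approach described in the reply above, as an added example that is not part of the original thread: it reads the `include_path` directive from php.ini text and reports entries that are relative or that sit under the web server's document root. The sample ini lines, the document root `/var/www/html` and the function names are constructed for illustration, and Unix `:` separators are assumed.

```python
import posixpath
import re

# Constructed samples: a weak setting and a corrected one.
WEAK_INI = '; default\ninclude_path = ".:/var/www/html/includes"\n'
HARDENED_INI = 'include_path = "/usr/local/lib/php:/srv/app/includes"\n'
DOCROOT = "/var/www/html"  # assumed document root


def parse_include_path(ini_text):
    """Return the entries of the last active include_path directive."""
    entries = []
    for line in ini_text.splitlines():
        line = line.strip()
        if line.startswith(";"):  # php.ini comment line
            continue
        m = re.match(r'include_path\s*=\s*"?([^";]*)"?', line)
        if m:
            entries = [p for p in m.group(1).strip().split(":") if p]
    return entries


def is_inside(path, root):
    """True if path is root or below it, after collapsing '..' segments.
    Symlinks are not resolved; this is a purely lexical comparison."""
    path = posixpath.normpath(path)
    root = posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")


def audit(ini_text, docroot):
    """List (entry, reason) pairs for include_path entries that can end up
    being served by the web server."""
    findings = []
    for entry in parse_include_path(ini_text):
        if not posixpath.isabs(entry):
            # Relative entries such as "." are resolved at run time, normally
            # against the requested script's directory inside the web tree.
            findings.append((entry, "relative"))
        elif is_inside(entry, docroot):
            findings.append((entry, "inside-docroot"))
    return findings


if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit(ini, DOCROOT))
```
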

