blocking access to directory tree.

Steve steve at iwsys.com
Thu Apr 26 14:23:36 PDT 2001


I wasn't recommending placing all of your interpreted code below the 
document root.  I was only trying to illustrate a situation where this 
would be useful - i.e. hosted environment, etc. - and to explain a small bit of 
how you could solve the original problem.


>A better method for this particular situation with PHP is to define an
>includes path in the php.ini file that is outside of the web tree. This
>allows you to store your important code where no one can ever get to it,
>even if they compromise your webserver's security configuration.
>
>Steve wrote:
> >
> > A very easy way to do this is to create an empty file called index.html in
> > every directory you don't want the contents viewable.  This is especially
> > helpful when using interpreted languages such as php.  If you have a
> > "includes" directory and for one reason or another the web server does not
> > parse the .php file, it is very remotely possible someone could be lucky
> > enough to see the text of an un-interpreted .php file.  WELL....  Apache
> > handles file extensions in the order they are listed in the
> > httpd.conf.  Most installations I have seen list index.htm and/or
> > index.html before index.php.  So, in a given directory if there were an
> > index.html and an index.php file the web server would dish up the
> > index.html.  If it is an empty file or a symbolic link to a "you shouldn't
> > be trying to look at this page" page, it would prevent the nosy user from
> > seeing the directory contents or anything else.
> >
> > The advantage to this lies in a situation where you do not have control
> > over the web server's configuration.  It is also about as fast as can be
> > because there are no rules for the web server to process.
> >
> > I hope this makes sense.  Even better would be if it helped someone :)
> >
> > Steve
> >
> > >Hi Luau,
> > >
> > >I have a client who is worried about people accessing the
> > >directory tree on a website. He thinks they will type in the
> > >url without the viewed file to see it. He heard that you can
> > >edit the access.conf file to eliminate this.
> > >
> > >Is this an NT file? I have asked several FreeBSD folk who
> > >don't know. Maybe somebody who is a Linux Guru may know.
> > >
> > >
> > >  Aloha! Al Plant -Webmaster http://hawaiidakine.com
> > >Providing FAST DSL Service for $28.80/mo.  Member Small
> > >Business Hawaii.
> > >Running Caldera Linux 2.4 & Free BSD 4.0 UNIX
> > >Support Open Source in Business and Computing.
> > >


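The empty-index.html approach from the quoted message, as an added example that is not part of the original thread: a shell function that walks a document root, reports every directory with no index file, and optionally drops an empty index.html into each. The function name, the index-file list and the sample tree are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the server's index list is
# index.html, index.htm, index.php (check DirectoryIndex in your httpd.conf).

# audit_index DOCROOT [fix]
# Prints each directory under DOCROOT that contains none of the index files.
# With "fix" as second argument, also creates an empty index.html there.
audit_index() {
    docroot=$1
    mode=${2:-report}
    [ -d "$docroot" ] || { echo "not a directory: $docroot" >&2; return 2; }
    # -type d does not follow symlinks, so the walk stays inside DOCROOT.
    find "$docroot" -type d | LC_ALL=C sort | while IFS= read -r dir; do
        found=no
        for name in index.html index.htm index.php; do
            if [ -e "$dir/$name" ]; then found=yes; break; fi
        done
        [ "$found" = yes ] && continue
        printf '%s\n' "$dir"
        if [ "$mode" = fix ]; then
            # Only reached when no index.html exists, so nothing is overwritten.
            : > "$dir/index.html"
        fi
    done
}

# Constructed sample tree so the script runs stand-alone.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/includes" "$demo_root/images" "$demo_root/app"
: > "$demo_root/index.php"
: > "$demo_root/app/index.php"
: > "$demo_root/includes/db.php"
audit_index "$demo_root" fix    # lists images/ and includes/, then fills them
rm -rf "$demo_root"
```

An empty index.html only hides the directory listing; a file such as includes/db.php is still served if requested by name, which is why the reply above suggests an include path outside the web tree.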
