Prevent Directory Listing

From TNG_Wiki


There are several methods available to prevent people and search engines from seeing the contents of directories on your site, for example the gedcom and backups folders, and the documents, headstones, photos, etc. folders.


Site wide

To prevent the contents of ALL directories on your site from being viewed or indexed, add the following line to the .htaccess file at the top level of your website:

Options -Indexes

This prevents the server from creating and displaying an index of folders on your site. As long as there is no index.html or index.php file in a folder, a request for that folder will generate a "403 - Forbidden" error.
If you want to handle that more neatly, add the 'ErrorDocument' line below after the above 'Options -Indexes' line:

Note: Use https if you use SSL, otherwise a mixed content browser warning will occur. Use http if you do not use SSL.

ErrorDocument 403 http(s)://URL.To.Your.site/index.php

which, instead of displaying the "403 - Forbidden" page, will load your site's index.php page.

On a folder by folder basis

Create a file called index.html which contains the following lines


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META HTTP-EQUIV="Refresh"
CONTENT="0;url=/index.php">
</head>
<body bgcolor="#ffffff">
<p></p>
</body>
</html>

and place it inside each directory you want to protect. Note that protecting a directory by this method doesn't protect the sub-directories in that directory.

The effect of this is to immediately redirect any request for the directory back to your index.php page, i.e. attempting to load http(s)://URL.To.Your.site/documents/ will cause the server to read the index.html file you've placed in the documents folder, which then immediately (after a wait of 0 seconds) redirects to your site's index.php page.

If you are comfortable with PHP, you can do the same as above with an index.php:

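<?php
// Send anyone who requests this directory back to the site's home page.
header('Location: /index.php');
exit; // stop here so nothing else is output after the redirect header
?>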

Note that the URL is relative to the website's root directory.

If you want to get fancy, you can redirect a request for a media folder to a TNG selectable listing of the media. Taking the 'photos' directory as an example, create an index.php and add the following contents:

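<?php
// Send requests for the photos directory to TNG's media listing for photos.
header('Location: /browsemedia.php?mediatypeID=photos');
exit; // stop here so nothing else is output after the redirect header
?>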

You can also use Apache's mod_rewrite (RewriteEngine) in your .htaccess file to achieve the same thing for all your media folders without having to add index files to them. Using the .htaccess file is a more advanced subject; just be aware that it can be easily done with a little research.
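To check which folders the two methods above still leave open (including the sub-directories that a per-folder index file does not cover), here is an added example that is not part of the original wiki page. It walks a local copy of the web root and lists directories that have no index.html or index.php and no inherited 'Options -Indexes'. It assumes Apache honours .htaccess files, that Indexes is on unless switched off, and it only recognises explicit Indexes tokens; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

INDEX_FILES = {"index.html", "index.php"}  # assumed DirectoryIndex names
OPTIONS_RE = re.compile(r"^\s*Options\b(.*)$", re.IGNORECASE | re.MULTILINE)

def indexes_setting(htaccess_path):
    """Return False for '-Indexes', True for '+Indexes'/'Indexes', None if not mentioned."""
    with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    setting = None
    for match in OPTIONS_RE.finditer(text):  # later Options lines win
        tokens = [t.lower() for t in match.group(1).split()]
        if "-indexes" in tokens:
            setting = False
        elif "+indexes" in tokens or "indexes" in tokens:
            setting = True
    return setting

def exposed_dirs(webroot, server_default=True):
    """Relative paths of directories that would still show a listing."""
    webroot = os.path.abspath(webroot)
    exposed, inherited = [], {}  # inherited: directory -> effective Indexes state
    for path, dirs, files in os.walk(webroot):
        dirs.sort()  # deterministic order; parents are always visited first
        own = indexes_setting(os.path.join(path, ".htaccess")) if ".htaccess" in files else None
        parent = inherited.get(os.path.dirname(path), server_default)
        inherited[path] = parent if own is None else own
        if inherited[path] and not INDEX_FILES & set(files):
            exposed.append(os.path.relpath(path, webroot))
    return exposed

def demo():
    """Audit a constructed sample tree before and after adding the site-wide .htaccess."""
    root = tempfile.mkdtemp()
    for d in ("photos/2019", "documents", "gedcom", "backups"):
        os.makedirs(os.path.join(root, d))
    open(os.path.join(root, "index.php"), "w").close()
    # Per-folder method applied to photos only: photos/2019 stays uncovered.
    open(os.path.join(root, "photos", "index.html"), "w").close()
    before = exposed_dirs(root)
    with open(os.path.join(root, ".htaccess"), "w") as fh:
        fh.write("Options -Indexes\n")
    return before, exposed_dirs(root)

if __name__ == "__main__":
    print(demo())
```

Run exposed_dirs() against a downloaded copy of your site; any path it prints needs either an index file of its own or the site-wide 'Options -Indexes' line.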

Related Links

The following provide additional security measures:

Controlling Site Access

Protecting Resources

Checking your site for Malware