Prevent Directory Listing
There are several methods available to prevent people and search engines from seeing the contents of directories on your site - for example the gedcom and backups folders, the documents, headstones, photos, etc folders.
To prevent the contents of ALL directories on your site from being viewed or indexed, add the following line to the .htaccess file at the top level of your website:
This prevents the server from creating and displaying an index of folders on your site, and as long as you don't have a file index.html or index.php in that folder will generate a "403 - Forbidden" error.
If you want to handle that more neatly, add the ′ErrorDocument′ line below after the above ′Options -Indexes′ line:
Note:: Use https if you use SSL, otherwise a mixed content browser warning will occur. Use http if you do not use SSL.
ErrorDocument 403 http(s)://URL.To.Your.site/index.php
which instead of displaying the "403 - Forbidden" page, will instead load your site's index.php page.
on a folder by folder basis
Create a file called index.html which contains the following lines
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <META HTTP-EQUIV="Refresh" CONTENT="0;url=/index.php"> </head> <body bgcolor="#ffffff"> <p></p> </body> </html>
and place it inside each directory you want to protect. Note that protecting a directory by this method doesn't protect the sub-directories in that directory.
The effect of this is to immediately redirect any request to the directory back to your index.php page - ie attempting to load http(s)://URL.To.Your.site/documents/ will cause the server to read the index.html file you've placed in the documents folder which then immediately (after a wait of 0 seconds) redirects to your site's index.php page.
If you are comfortable with PHP, you can do the same as above with an index.php:
<?php header('Location: /index.php'); ?>
Note that the URL is relative to the website's root directory.
If you want to get fancy, you can redirect a request for a media folder to a TNG selectable listing of the media. Taking the 'photos' directory as an example, create an index.php and add the following contents:
<?php header('Location: /browsemedia.php?mediatypeID=photos'); ?>
You can also use the Mod RewriteEngine in your .htaccess file to achieve the same thing for all your media folders without having to add index files to them. Using the .htaccess file is a more advanced subject; just be aware that it can be easily done with a little reasearch.
The following provide additional security measures:
Controlling Site Access
- Permissions Explained
- Database User
- Move your configuration files
- Move your backup files
- Move your gedcom files
- Overlaid Subroot how to recover from subroot.php overlay
- Prevent Directory Listing
- Protecting access log