Re: restricting access to folders on server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



i am using apache server and presently when i try accessing any folders of
my website i am able to browse the files ex = www.website.com/images which
is a serious security risk as i am building a forum website using php and
mysql.

Assuming your images are for public consumption and that that dir only contains those images, then it's not a security risk.

in the root directory i have created a .htaccess file and whenever someone
access a file which is not on the server i have created a user friendly
message that the file does not exist instead of a 404 error message
displayed by the browser.

similar to this how can i go about restricting users to browse all my
folders in the toot directory. if anyone accesses for ex =
www.website.com/phpscripts an alert should appear asking them to enter a
username and password.

You could put this in a .htaccess file:

AuthType Basic
AuthName "Administration Area"
AuthUserFile "acl/admin.acl"
Require valid-user

acl/admin.acl is relative to the server root. You can create it using the htpasswd command.

2. where do i write the username and password information and will this
apply to all the folders in the root directory or specific directories.

If you put that in .htaccess file, it will apply to that directory and any subdirectories.

--
Richard Heyes
Employ me:
http://www.phpguru.org/cv

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux