On Mon, Mar 24, 2008 at 7:08 AM, Sudhakar <sudhakararaog@xxxxxxxxx> wrote:
> i am using apache server and presently when i try accessing any folders of
> my website i am able to browse the files ex = www.website.com/images which
> is a serious security risk as i am building a forum website using php and
> mysql.
[snip!]
>
> 1. how can i do this using apache.
> 2. where do i write the username and password information and will this
> apply to all the folders in the root directory or specific directories.
In addition to Richard's suggestion, you can also place a
.htaccess file in each directory for which you don't want listing with
this:
Redirect Permanent index.php http://www.yourdomain.com/index.php
That will automatically forward them to your homepage. Otherwise,
you can turn off directory listing completely by explicitly stating it
in your .htaccess file in your web root. It will work recursively for
all directories in the web root.
<Limit GET POST PUT DELETE>
Order Deny,Allow
Deny From All
Options -Indexes
</Limit>
In the future, though, please only post PHP-related questions to
this list. Apache has its own user lists where you can ask these
questions.
--
</Daniel P. Brown>
Forensic Services, Senior Unix Engineer
1+ (570-) 362-0283
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
