The simplest method to prevent random browsing of your folders is to put an empty index.html file (or optionally one with a text-only "no direct access" message) in those folders to prevent the index from showing.

The best method is to get your permissions and server configuration correct. Start with restrictive settings (444 for instance) and gradually add only those permissions needed for your scripts to work.

The least popular method is reading up on how Apache works: http://httpd.apache.org/docs/2.0/

There are several sections on security and how to set permissions and access.

--- In php-objects@xxxxxxxxxxxxxxx, "Sudhakar" <finals27@...> wrote:
>
> i am using apache server and presently when i try accessing any folders of my website i am able to browse the files ex = www.website.com/images which is a serious security risk as i am building a forum website using php and mysql.
>
> in the root directory i have created a .htaccess file and whenever someone accesses a file which is not on the server i have created a user friendly message that the file does not exist instead of a 404 error message displayed by the browser.
>
> similar to this how can i go about restricting users to browse all my folders in the root directory.
>
> if anyone accesses for ex = www.website.com/phpscripts an alert should appear asking them to enter a username and password.
>
> 1. how can i do this using apache.
> 2. where do i write the username and password information and will this apply to all the folders in the root directory or specific directories.
>
> please advise.
>
> thanks.
>
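
The server-configuration route mentioned in the reply, applied to the two things asked in the quoted message, as an added example that is not part of the original thread. The file locations, the realm name, the user name `alice` and the password-file path are assumptions; the directives are standard Apache ones.

```apache
# ---- httpd.conf (main server config) ----
# .htaccess files are honoured only where AllowOverride permits the
# directive classes they use. /var/www/html is an assumed document root.
<Directory "/var/www/html">
    AllowOverride Options AuthConfig
</Directory>

# ---- /var/www/html/.htaccess (site root) ----
# Stop Apache from generating a file listing when a directory has no
# index file. Applies to this directory and every subdirectory, so
# /images returns 403 Forbidden instead of a listing.
Options -Indexes

# ---- /var/www/html/phpscripts/.htaccess (one protected folder) ----
# Makes the browser prompt for a username and password. Applies only to
# this directory and its subdirectories, not to the rest of the site.
AuthType Basic
AuthName "Restricted area"
# Credentials live in a password file kept OUTSIDE the document root so
# it can never be fetched over HTTP. The path is a constructed example.
AuthUserFile /home/example/private/.htpasswd
Require valid-user

# Create the password file once from a shell (-c creates the file;
# omit -c when adding further users):
#   htpasswd -c /home/example/private/.htpasswd alice
```

Basic authentication sends the credentials only base64-encoded on every request, so the protected directory should be served over HTTPS.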