http directory access

**chris** · 09-24-2002 10:03 PM

Is it possible to disable http directory access (browsing the directory from a browser) by default? I read in an earlier post that the .htaccess file in the www root controls this, but that user wanted to enable it. My root .htaccess file is empty. I can't use web protect because some of the scripts I'm using don't play nice anymore.

Thanks,
Chris

**Jim** · 09-24-2002 11:44 PM

If you put an empty index page in the directory it will prevent directory browsing.

**chris** · 09-25-2002 01:24 AM

Hmmmm. The problem is that everything in that directory is owned by "nobody" since Gallary manages all the albums there. I can't place any files into the sub-directories.

There isn't something that controls this type of access site-wide?

Thanks, Chris

**Jim** · 09-25-2002 09:46 AM

Unless I'm missiing the point, which is very probable, directory browsing is supposed to be off. If you let me know the server you're on I'll check it.

**chris** · 09-25-2002 12:49 PM

I'm not sure which server I'm parked on, or how to tell. Ohio maybe?

www.novakfamily.net.

From reading other posts, I had assumed directory browsing would be disabled by default, but as far as I can tell that isn't the case.

Thanks, Chris

**jkwon** · 10-14-2002 11:24 PM

Jim,

I'm on wwwroot2. I'd also like browser-based directory browsing turned OFF site-wide as well. It's on right now.

Is there a way we can do this ourselves on a per-site basis? And, how can we turn it back on later if we want to?

Thanks.

**broken1** · 10-16-2002 10:57 AM

I've noticed the same think on wwwroot3

-Craig

**Jim** · 10-16-2002 11:11 AM

The guaranteed way to control this would be to log into the control panel and go to the edit .htaccess function. Or for those more technically gifted "just edit your .htaccess file" by adding the follwing a line from the two shown below.

Options Indexes
Options -Indexes

Choose the line you like the best. The first one turns directory browsing on no matter what the server itself is set to do. The one with the minus sign in front of it turns directory browsing (a.k.a. automatic indexing) off.

**broken1** · 10-16-2002 11:14 AM

Always good to know.

Thanks Jim.

**jkwon** · 10-16-2002 11:45 AM

Hey, alright!
That worked like a charm. Thanks, Jim!

**prince** · 10-16-2002 12:15 PM

I like to list or let others list some directories. But for the directories I don't want listed, I like to play with 'their' minds.

So I put in a little index.php file that sends me an email when someone tries to list the directory. And I may (or may not) echo the info (make them wonder what I do with the info).

To turn the 'message' off just remove 'echo message' at the bottom of this 'example script'

And to use this script in your directories - just change the YOURDOMAIN so you get the email and name the file index.php (assuming there are no other index files in the directory :)

Example: index.php

<HTML>
<HEAD>
<TITLE>Block Directory Listing</TITLE>
</HEAD>
<BODY BGCOLOR="ivory" TEXT="darkblue">

<?php

$ip = getenv ("REMOTE_ADDR");
$requri = getenv ("REQUEST_URI");
$servname = getenv ("SERVER_NAME");
$combine = " Dear" . $ip . " you visited " . $servname . " cause I saw you :) snooping around in directory = " . $requri ;

$httpref = getenv ("HTTP_REFERER");
$httpagent = getenv ("HTTP_USER_AGENT");
$today = date("D M j Y g:i:s a T");

$message = " $combine \n
HTTP_REFERER = $httpref \n
HTTP_USER_AGENT = $httpagent \n
HitTime = $today ";

$to = "folderblock@YOURDOMAIN.com";
$subject = "Folder Blocker";
$from = "From: folderblock@YOURDOMAIN.com\r\n";

mail($to, $subject, $message, $from);

echo $message
?>

<h1> Sorry you've been 'tagged' for trying to view my directory :) </h1>

</BODY></HTML>

**jkwon** · 10-17-2002 12:55 PM

Clever.

Thanks for the code. I'm new to HTML (I design, but I don't code... yet), so I need all the help I can get.

smgcircle · 12-15-2002 05:03 PM

I've just signed up with page-zone and am trying to learn my way around. Can someone tell me where the "edit .htaccess function" is on my control panel. I've looked all over, and just can't find it.

Thanks!

Steve
steve@gussow.us

**Jim** · 12-15-2002 05:36 PM

CPanel.net removed it but it is still editable through File Manager. If you click on the word (not the icon) of .htaccess in the public_html folder - the right hand side of the page will give several options. One of those options is "Edit". A text editor will open in a new window.

edit - but they did add the ability to turn off (and on) directory browsing on a per directory basis in the link called "Index Manager"

**stratplan** · 12-16-2002 09:13 AM

this is great info! I am trying to figure out how to capture it for future use, since I have a hard time remembering which message to look at to find goodies like this.

I just went to my Cpanel (bluelagoonadvanced skin) and can't find the public_html folder. So I FTP'd to the account and there isn't a .htaccess file in the public_html folder there either. Where would I look next? I like the idea of editing the .htaccess file(s)

**richof** · 12-16-2002 12:36 PM

I have found and understand the index manager in cpanel, but just FYI, it appears that indexing is ON by default. I have gone in and turned all to OFF. Your previous post indicated that the indexing should be OFF by default and it does not seem to be so.

**Jim** · 12-16-2002 02:30 PM

Indexing on/off depends on which particular apache build is installed on a given server which is one reason why the utility is there.

**bennerstul** · 12-24-2002 06:51 PM

If you need to see the .htaccess file and you are using WS_FTP - edit the site you are connecting to, go to Startup and enter -al in the Remote File Mask entry. This will show all files.

**fshagan** · 12-28-2002 01:42 AM

Originally posted by stratplan
this is great info! I am trying to figure out how to capture it for future use, since I have a hard time remembering which message to look at to find goodies like this.

I just went to my Cpanel (bluelagoonadvanced skin) and can't find the public_html folder. So I FTP'd to the account and there isn't a .htaccess file in the public_html folder there either. Where would I look next? I like the idea of editing the .htaccess file(s)

I've discovered that my ftp program, WS_FTP doesn't show any of the .filename files ... .htaccess, .users, etc. I've looked through the Options, and can't find where you can turn on display of these files. But they are there.

If you go into Cpanel, click on the "File Manager" icon on the top row, and you'll go into the site and be able to see all the files. You can edit it from there (I also have used the "File Manager" option to rename files that WS_FTP wouldn't upload until I renamed them something the program likes.)

**bennerstul** · 12-28-2002 03:26 PM

Umm did you read my post right above yours? I explain how to see these files in the exact program you are using... Also, a simple search on Google will tell you all this a thousand times over.