Preventing directory browsing


#1

Hi I’ve searched Support on this topic, and have seen the .htaccess discussions but am not sure it answers my question. How do I prevent users from browsing my subdirectories?

It looks like the domain directory http://example.com can’t be browsed as long as an index page exists, but what about http://example.com/images, http://example.com/css, etc? I’m not concerned with hotlinking and I don’t need to authenticate individual users, I just want everyone to receive a 403 Forbidden message when trying to browse subdirectories or when trying to navigate back up to the domain directory. Image and CSS files in these subdirectories would still need to be available for inclusion in web pages though.

If it’s a case of setting directory permissions in Unix, please let me know the correct configuration. Thanks.


#2

you can use your .htaccess solution to give the 403 errors. You can also simply put a index page in each sub-directory which might look nicer to your site visitors. Of course you can style the 403 error page too - whatever floats your boat.

–Matttail
art.googlies.net - personal website


#3

I think it’s nice to redirect people to the main page via an .htaccess page in media directories

Free unique IP and $67 off with promo code [color=#CC0000]FLENSFREEIP67[/color] or use [color=#CC0000]FLENS97[/color] for $97 off. Click here for more options


#4

Maybe I missed something from an earlier thread, but it seems like people haven’t really mentioned that an .htaccess file applies to all subdirectories underneath the directory it’s in.

The OP mentioned that the 403 error is acceptable to him, and that he didn’t want to create an index file in every subdirectory. A .htaccess file will accomplish this. This is all the code I use in one to do what he is talking about.

Options -Indexes


#5

Thank you for the replies, it is working great!