cancel
Showing results for 
Search instead for 
Did you mean: 

Prevent directory access

N/A

Prevent directory access

My error redirect pages are working fine, but any folder that does not have either:
index.htm
index.php
allow the visitor to see the entire directory listing
example :
cgi.mjkerr.force9.co.uk/style

I've also tried using the
Quote

DirectoryIndex index.html index.txt /error404.php

line within .htaccess

The main cause for concern here is I have a folder that has my MySQL configurations in it, and it is currently possible to see this folder (as part of the URL appears in the homepage!)
2 REPLIES
N/A

Prevent directory access

There's no way to use DirectoryIndex on the CGI server - the easiest way to deny directory listings is to upload a blank index.html file to the folder - this will then be served up.
N/A

Prevent directory access

If you're concerned about protecting your database password, you should protect your files from the prying eyes of fellow Force9 customers (like myself) -- we can easily telnet to the server, change to your home directory and browse your files at our leisure. Unless appropriate permissions have been set, your database password is available to any customer with shell access.

I strongly recommend you log on and execute this command from your home directory:
    cd ..;chmod -R g-rwx mjkerr;cd
"shellcgi" group never needs to have any access to any of your stuff for it to work -- you access it by virtue of being the user/owner and the webserver accesses it as "other", so you might as well lock out "shellcgi" completely.