Author Topic: How do I stop unwanted directory browsing? (Read 14663 times)

airphoto · « **on:** March 14, 2003, 10:44:34 PM »

Hi,

When a new category is created the directory does not appear to have any html or php file inside it to prevent directory browsing.

For example on my site if you visit http://www.airphoto.co.uk/4images/data/media/8/

You get to see in that directory (category). - It's just a test photo.

On the other hand if you click on Vano's wonderful site (Always a good example) you get a 404 page not found.
http://come.no-ip.com/data/media/3/

What I would like is to have the visitor trying to access my directories to be directed to the initial page and an image warning that it is not allowed.

Anybody?

Best wishes.

V@no · « **Reply #1 on:** March 14, 2003, 11:42:29 PM »

I did it with .htaccess

to prevent visitors see files in specific dir (and its subdirs too), insert into .htaccess file this:

Code: [Select]

Options none
if u want also redirect them to a specific page when 403 or 404 error accure, add this in same .htaccess file:

Code: [Select]

ErrorDocument 403 http://yoursite.com/error_page.php
ErrorDocument 404 http://yoursite.com/error_page.php

Chris · « **Reply #2 on:** March 15, 2003, 03:18:47 AM »

Quote from: V@no

I did it with .htaccess

to prevent visitors see files in specific dir (and its subdirs too), insert into .htaccess file this:
Code: [Select]
Options none

That's pretty restrictive. If you want to disable ONLY directory listing from the browser, use this line instead.

Code: [Select]

# Don't allow directory listing in a web browser
Options -Indexes

SLL · « **Reply #3 on:** March 15, 2003, 10:37:04 AM »

the most simple way is just putting blank index.html there, huh?

airphoto · « **Reply #4 on:** March 15, 2003, 10:59:24 AM »

Thanks for the input, I thought about it overnight and have taken the easy option of placing a new index page in every directory with the following code in it.

<HTML>
<HEAD>
<TITLE>Your Title</TITLE>
<meta HTTP-EQUIV="Refresh" CONTENT="0; URL=http://yourdomain/4images">
</HEAD>
<BODY>
</BODY>
</HTML>

It seems to work for now - Jan this is maybe something you could integrate much better in the next version.

Thanks again.

V@no · « **Reply #5 on:** March 15, 2003, 01:55:08 PM »

Quote from: airphoto

Thanks for the input, I thought about it overnight and have taken the easy option of placing a new index page in every directory with the following code in it.

<HTML>
<HEAD>
<TITLE>Your Title</TITLE>
<meta HTTP-EQUIV="Refresh" CONTENT="0; URL=http://yourdomain/4images">
</HEAD>
<BODY>
</BODY>
</HTML>

It seems to work for now - Jan this is maybe something you could integrate much better in the next version.

Thanks again.

disadvantage of this method, that still anyone can browse/see/download your files by using any download managers.

Chris · « **Reply #6 on:** March 15, 2003, 06:05:23 PM »

Quote from: Chris

That's pretty restrictive. If you want to disable ONLY directory listing from the browser, use this line instead.
Code: [Select]
# Don't allow directory listing in a web browser Options -Indexes

One more thing. If you place this line in a .htaccess file in the top-level media directory, you don't have to ever do anything else. The .htaccess file will apply to any subdirectories under it including any new categories you create in the future. Using an empty index.html requires that you create a new file every time you create a new category.

Alembic · « **Reply #7 on:** April 16, 2003, 11:11:30 PM »

I have a real problem that when a user has uploaded a file and it's awaiting validation (shown as uploaded on member.php) if they know the path to the image they can use this path and call it from another site or by using the URL straight into the browser.
Of course, this cant be solved by .htaccess or placing a blank index.html file within the images directory because if they know the name of the image they have uploaded and the path to the directory they can call it from almost anywhere.
Cheap way of obtaining webspace for a load of images ?

Anyone solved this issue.
Ta !

Chris · « **Reply #8 on:** April 16, 2003, 11:31:21 PM »

Search the forums. There are several posts regarding how to disable hot linking.

Alembic · « **Reply #9 on:** April 16, 2003, 11:40:10 PM »

Tried a search for "hot linking" just returned this thread.
Seems that the files when first uploaded go into the tmp_media directory.
Once they are validated they no longer exist in the tmp directory - which is good.
Still none the wiser for the other but then it's possible to link to most images within other websites and the problem is not specific to this excellent script.
Just have to watch my stats to see if there's anyone linking in.
Thanks for replying though.

Chris · « **Reply #10 on:** April 17, 2003, 04:15:25 AM »

If you are using the Apache web server, create a file called .htaccess in the 4images/data/ directory.

NOTE the file name includes a leading period!

That's

Code: [Select]

.htaccess

Put these lines inside the file:

Code: [Select]

# Disable image hot-linking
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?YourDomain.*/.*$ [NC]
RewriteRule [^/]+.(gif|jpg|png)$ http://www.YourDomain.com/4images/templates/default/images/header_logo.gif [R,L]

Any time an image is hot linked, the header_logo.gif will be returned instead.

More info can be found here: www.apache.org

PuCK · « **Reply #11 on:** April 17, 2003, 11:47:18 AM »

Quote from: Chris

Quote from: Chris
That's pretty restrictive. If you want to disable ONLY directory listing from the browser, use this line instead.
Code: [Select]
# Don't allow directory listing in a web browser Options -Indexes

One more thing. If you place this line in a .htaccess file in the top-level media directory, you don't have to ever do anything else. The .htaccess file will apply to any subdirectories under it including any new categories you create in the future. Using an empty index.html requires that you create a new file every time you create a new category.

If I do this. the pictures on my page won't work either

How can this be?

Chris · « **Reply #12 on:** April 17, 2003, 04:08:04 PM »

Not sure, it works for me.

Loet · « **Reply #13 on:** May 29, 2003, 07:58:10 PM »

I just use

# Don't allow directory isting in a web browser
IndexIgnore *

in htaccess and put that in ./media or in other dirs that I want to protect from listing.

It shows no more listing of directory and subdirectories.
When I use other options the pictures do not show up anymore.

Loet

iban · « **Reply #14 on:** September 04, 2005, 08:26:03 PM »

Quote from: PuCK on April 17, 2003, 11:47:18 AM

If I do this. the pictures on my page won't work either How can this be?

I have the same problem. When I use...

Quote

DirectoryIndex index.php index.htm index.html
# Disable directory listings in the web browser
Options -Indexes

..I cannot enter via web to the folders... correct!
But I cannot see the thumbnails on my web (when I click I thumbnail I see the picture, but the thumbnails are not loaded)
Changing back the .htaccess to blanck file I can see the thumbnails, but it is the problem with folder listing... grgrgrgrggr

What could be the problem? How could I solve it?

Many Thanks

4images Forum & Community

News:

Author Topic: How do I stop unwanted directory browsing? (Read 14663 times)

airphoto

How do I stop unwanted directory browsing?

V@no

How do I stop unwanted directory browsing?

Chris

How do I stop unwanted directory browsing?

SLL

How do I stop unwanted directory browsing?

airphoto

How do I stop unwanted directory browsing?

V@no

How do I stop unwanted directory browsing?

Chris

How do I stop unwanted directory browsing?

Alembic

Browsing Directory

Chris

How do I stop unwanted directory browsing?

Alembic

hot linking

Chris

How do I stop unwanted directory browsing?

PuCK

How do I stop unwanted directory browsing?

Chris

How do I stop unwanted directory browsing?

Loet

htaccess

iban

Re: How do I stop unwanted directory browsing?