Hi everyone,
Good evening.
Today I am going to talk about how to prevent unauthorized people from viewing the files and folders of your Apache web server by entering a directory name, such as www.yourdomain.com/images/.
By default, the Apache web server opens the default file defined by the DirectoryIndex directive. If this file does not exist, or no such directive is defined, the server shows a listing of the files and directories instead.
Most of the time this is undesirable, and it can even make attacks on your site easier. Here is how to control it.
Using the IndexIgnore Directive
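With the IndexIgnore directive, we can name any number of files and file extensions that we do not want listed. Note that IndexIgnore only hides entries from the generated listing; the files themselves remain reachable by anyone who requests their URL directly.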
Examples:
    ## Prevent the listing of files at www.yourdomain.com/images/
    IndexIgnore /images/*

    ## Prevent the listing of .htaccess itself and several other file extensions, plus the file teste.xls
    IndexIgnore .htaccess *.php *.js *.css *.htm *.html *.log *.sql *.pdf *.swf *.rtf *.doc *.odt teste.xls
Using the Options Directive
This directive is simpler and more complete: it blocks directory listing on your server entirely and returns the HTTP 403 (Forbidden) error code to anyone who requests a directory that has no index file.
How to use:
    ## Prevent the listing of any file and directory
    Options -Indexes
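To confirm the change took effect, the following added example (not part of the original post) classifies the response to a directory URL as an Apache auto-generated listing, a 403, or an ordinary page, and flags listed entries with sensitive extensions. The function names, the extension list and the sample HTML are constructed for illustration.

```python
"""Added example: audit a directory-URL response for Apache autoindex exposure."""
import re
from html.parser import HTMLParser

# Some of the extensions the article hides with IndexIgnore (illustrative subset).
SENSITIVE = (".htaccess", ".php", ".log", ".sql", ".xls")

# Constructed sample of a mod_autoindex page for /images/ (not captured from a real site).
SAMPLE_LISTING = """<html><head><title>Index of /images</title></head><body>
<h1>Index of /images</h1><table>
<tr><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th></tr>
<tr><td><a href="/">Parent Directory</a></td></tr>
<tr><td><a href="logo.png">logo.png</a></td></tr>
<tr><td><a href="backup.sql">backup.sql</a></td></tr>
<tr><td><a href="teste.xls">teste.xls</a></td></tr>
</table></body></html>"""


class _Links(HTMLParser):
    """Collect the href of every <a> tag in the page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def audit(status, body):
    """Return (verdict, entries, flagged) for one directory-URL response."""
    if status == 403:
        return ("blocked", [], [])        # the result of Options -Indexes
    if status != 200 or not re.search(r"<title>Index of /", body, re.I):
        return ("no-listing", [], [])     # DirectoryIndex file or another page
    parser = _Links()
    parser.feed(body)
    # Drop column-sort links (?C=N;O=D) and the absolute parent-directory link.
    entries = [h for h in parser.hrefs if not h.startswith(("?", "/"))]
    flagged = [e for e in entries if e.lower().endswith(SENSITIVE)]
    return ("listing", entries, flagged)


if __name__ == "__main__":
    print(audit(200, SAMPLE_LISTING))
    print(audit(403, "<h1>Forbidden</h1>"))
```

A "listing" verdict with an empty flagged list after adding IndexIgnore only means the names are hidden; "blocked" is the result to expect once Options -Indexes is in place.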
Now your servers are more secure and private!
Until next time!
[…] November 24, 2014 Dirceu Resende Apache / .htaccess […]