Is there a way to prevent folder directory access with CSS?

[__]

And that’s EXACTLY what I’ve been saying I am wanting to do from post #1.

Just wanted to make sure. You have talked about “preventing access” to your files, and I wanted to make sure that you understood that this is not what you were accomplishing by removing the index listing.

#Stop hotlinking
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?/.*$ [NC]
RewriteRule \.()$ [R=302,L]

The second rewrite condition should include your domain name, i.e.,

RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com [NC]

The rule needs to have a rewrite pattern if you’re going to redirect the user. (If you want to simply block them, you can use - as the pattern and set the [F] flag.)

None of the error documents function/work/operate.

There’s nothing wrong with the format. Have you confirmed that the files exist at the correct location? How are you testing whether they work?

[Anonymous]

I never stated that I wanted to remove any index listing. I don’t even know what you mean by that. If I wanted something to not be on my server, I would simply delete the file instead of using time to create a code to “remove” it.

All I am wanting to accomplish is the prevention of anyone typing in a directory (any directory) in their browser bar and gaining direct access to the files in the directories. For example, if someone were to type in http://www.mydomaindotcom/images/ and that directory did not have an index file, then all contents of that directory would be listed on the browser. I do not want to have to create an index page, or home page, for each directory. In the above example I want a 403 Forbidden cutom page to show. If a valid path were…../journals/steam_propulsion.php and someone were to type …../steam_propulson.html instead, then I want an 404 custom page to show, and so forth.

I also want to prevent the .htaccess file from being viewed for obvious reasons.

If I understand the purpose of the 301 &c302 redirects, they are for sites, pages, or other files that have been moved. Is that correct? I don’t see that I will need the redirects as I don’t believe any file or folder locations will be changed with the new site. I was just curious how that code worked and the proper syntax. I assume removing those rewrites is recommended?

For the second rewrite condition I had a link to an image that said “No Hotlinking” but when I want to a few sites that have hotlinked to images/files on my site, they were still there. Perhaps they are cached?

[Anonymous]

I have the error 403 and 404 pages working. It appears direct access to folders is prevented as I wanted. Here’s an attempt at direct access, and it appears to work. If I type in ….images_2/aa I get the expected 404 page. If I type in …images_2/apples.php I get a message that “No input file specified” instead of the 404. Why?

The code being used is:

ErrorDocument 404 /404.php
ErrorDocument 403 /403.php

#Prevent viewing of .htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>

# disable directory browsing
Options All -Indexes

[chrisburton]

I think what you might be looking for is something like

# Removes access to directories
# e.g.  disallow access /images unless an index file is present
Options +FollowSymLinks
Options -Indexes

By the way, not allowing people to right click will not stop people from stealing content. It’s mostly a pointless measure. Also, you only hold the copyright to images that you have created. If you have found them on the internet and placed them on your site, that does not give you rights.

[Anonymous]

Greetings Chris,

What does the code you give do that the example I gave does not?

I started web design in the 90’s and never kept up with the advancements in code. Until late last year, I got by on html, javascript, and a tiny bit of css if absolutely needed. Because the old ways no longer cut it, I’m having to learn css and more in depth ways of doing things. That said, I’m very aware of International Copyright laws. What will be on the new site will be my own work as is the case on the old site currently up. I realize the disable right click no longer offers protection, I’ve just never taken the time to remove it. It does remind would be crooks what the laws are and when they are caught, they have no excuse.

Best Regards.

[chrisburton]

What does the code you give do that the example I gave does not?

I was in the middle of writing that up when you posted the reply above along with your htaccess file.

All I am wanting to accomplish is the prevention of anyone typing in a directory (any directory) in their browser bar and gaining direct access to the files in the directories.

Options -Indexes answers that question

If I type in …images_2/apples.php I get a message that “No input file specified”

After some research, seems like this is due to your setup. What CMS are you using?

[Anonymous]

Greetings Chris,

The system is Legacy.

I notice that if I type …./apples.html instead of …./apples.php, the 404 pages displays. Why? Any non-existent .php file gets a “No input file specified”.

Best Regards.

[chrisburton]

Questions

• Where is your .htaccess file located
• Who is the host of your website?

[Anonymous]

Greetings Chris,

The .htaccess file is in the root directory.

Verio is the host.

[__]

I never stated that I wanted to remove any index listing. I don’t even know what you mean by that.

I was referring to the Indexes option previously discussed.

All I am wanting to accomplish is the prevention of anyone typing in a directory (any directory) in their browser bar and gaining direct access to the files in the directories. For example, if someone were to type in http://www.mydomaindotcom/images/ and that directory did not have an index file, then all contents of that directory would be listed on the browser.

I believe we are talking about the same thing. I’m really not trying to be difficult. I only wanted to be sure that you were not expecting Options -Indexes to do something it doesn’t.

For the second rewrite condition I had a link to an image that said “No Hotlinking” but when I want to a few sites that have hotlinked to images/files on my site, they were still there. Perhaps they are cached?

Likely. Maybe in your browser cache (which you can clear), maybe in an intermediate cache (which will clear eventually).

If I type in …images_2/apples.php I get a message that “No input file specified” instead of the 404. Why?

As Chris says, must be something your site is set up to do. Have you shown us the entire htaccess file? It’s possible that the rewriting is specified in your apache config, as well.

Oddly, that page also sends a “404 OK” header

…and a “Powered by PHP 4.4.8” header. That is dangerously outdated. PHP 4 has not been maintained for years. (You’ll also have problems getting help maintaining such old scripts.) It has security vulnerabilities as well, for which no patches are available. I know it would be a lot of work, but I highly recommend upgrading.

[Anonymous]

Greetings traq,

Oddly, that page also sends a “404 OK” header

…and a “Powered by PHP 4.4.8″ header. That is dangerously outdated. PHP 4 has not been maintained for years. (You’ll also have problems getting help maintaining such old scripts.) It has security vulnerabilities as well, for which no patches are available. I know it would be a lot of work, but I highly recommend upgrading.

I have no idea about that. I would assume that the host is responsible for keeping their services updated and system secure. Upgrading only costs money, unless the host is expecting me to write the code (ha ha) or me hire someone. If I have to hire someone to upgrade, what am I paying a monthly fee to the host for?

I,ve shown the .htaccess file I put on the server and the host says there aren’t any others that would interfere with what I am trying to do. I don’t believe them in all honesty. They’ve come to be a joke in the past few years.

Best Regards.

[chrisburton]

Verio is running 5.4 for clients.

You have been connected to John.
John: Good morning this is John, how can I help you?
Customer: Hi, John. What PHP version is Verio running for clients?
John: 5.4
Customer: Thank you.
John: you’re welcome

[Anonymous]

Rather confused by your post. I am however on skype now asking that question.

[chrisburton]

I wonder if this has something to do with CGI.

Asking who, your host?

[Anonymous]

Yes.

I called Verio and it is a PHP issue as I have an old account. It is also a CGI issue. The bad news is that Verio has allowed me to pay $25.00/mo for my site, e-mail, etc to sit on an outdated server and they haven’t upgraded anything on that server in years. Would have been nice to have known that, but I guess they wanted me to pay the $25.00/mo to drive a Yugo when I could have driven a BMW for 1/3 the cost! There is a better service for only $9.95/mo, but they will not transfer my site, email, or anything else to the new server/service. They offer a service to do that of course for ONLY $150/hr. What a joke and what a scam!

[Author]

Posts