sarafina Posted April 30, 2010 Share Posted April 30, 2010 I noticed that all my directories can be browsed when typed in directly..ex. domain.com/images. I want to prevent this. I tried adding the .htaccess file that is provided in the 'Secure your site' thread but that made my website get an error 500 right after. I have since removed. My host said they don't allow the directive Options in .htaccess files so maybe thats why? In any event I need to fix this so can somebody please help me? Thanks in advance.. Contributions installed: Purchase without Account / STS/ All Products/ Header Tags Controller Link to comment Share on other sites More sharing options...
BryceJr Posted April 30, 2010 Share Posted April 30, 2010 I noticed that all my directories can be browsed when typed in directly..ex. domain.com/images. I want to prevent this. I tried adding the .htaccess file that is provided in the 'Secure your site' thread but that made my website get an error 500 right after. I have since removed. My host said they don't allow the directive Options in .htaccess files so maybe thats why? In any event I need to fix this so can somebody please help me? Thanks in advance.. Insert this in your htaccess file. IndexIgnore * Link to comment Share on other sites More sharing options...
MrPhil Posted April 30, 2010 Share Posted April 30, 2010 If hackers are browsing through image directories and such, simply create an empty index.html in that directory. Or, it can be a page with a nasty or humorous message in it ("Nothing to see here folks. Move along!" or "You lookin' at me? You lookin' at ME?", etc.). It's odd that your host won't let you set up a .htaccess file with Options -Indexes. That's the normal way. Either way, any directory without an "index" file (as defined by your hosting service) is vulnerable to being browsed (files listed and displayed). Link to comment Share on other sites More sharing options...
sarafina Posted April 30, 2010 Author Share Posted April 30, 2010 ^Still getting the error 500. I have installed ultimate seo urls if that helps. For now I have added a blank index.html file in those directories but I'd like to have a better solution. Would it help if I posted my .htaccess file? Contributions installed: Purchase without Account / STS/ All Products/ Header Tags Controller Link to comment Share on other sites More sharing options...
♥mdtaylorlrim Posted April 30, 2010 Share Posted April 30, 2010 My host said they don't allow the directive Options in .htaccess files so maybe thats why? Tell them to put it in their httpd.conf file then. Any decent server administrator is going to do that anyway. If they won't then consider changing hosts. If you are not up to that then run a scan on the server and see what other stupid stuff they are doing... Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...? Link to comment Share on other sites More sharing options...
MrPhil Posted May 1, 2010 Share Posted May 1, 2010 The 500 error could be saying, "I don't like something in the .htaccess file." (maybe a forbidden command such as Options) If your host doesn't let you put Options -Indexes in your .htaccess file, 1) don't put it in (is it generating the error?) 2) ask your host why they won't let you do this. Link to comment Share on other sites More sharing options...
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.