Jump to content

Preventing Access to Directory Path From Client Browsers

parka

By parka
in Apache HTTP Server

 Share

Recommended Posts

parka Member

parka

Posted
Posted

How can I prevent access to a directory when users type in the URL address?

 

E.g. Users should be redirected back to homepage when accessing, let's say, the 'inc' directory.

- webpage.com/inc

- webpage.com/inc/login_user.php

- webpage.com/inc/data/registration.php

 

But I would need the PHP scripts to be able to access the 'inc' folder because the processing files are there.

 

I tried mod_rewrite, but it would redirect the address with everything appended behind.

If I try to access "http://webpage.com/inc/somefile.php", I would get redirected to "http://webpage.com/somefile.php". It should be redirected to "http://webpage.com" instead. Wondering if it's the right place to use mod_rewrite

 

Thanks in advance for any help.

 

 

Link to comment
Share on other sites
parka Member

parka

Posted
  • Author
Posted 

RewriteRule / http://localhost

 

I'm using the above rewriteRule.

 

It seems that I won't be able to do any processing because I can't reach my processing PHP files.

E.g. When I try to login with name and password, I'll get redirected back to the same page, with nothing happening.

 

If I were to just put a "index.php" file in every directory, does that solve anything? It might be harder for intruders to understand the directory structure. If the intruders type in something like "http://webpage.com/inc/login.php", they will get a blank document parsed back.

 

I'm just worried about security.

Link to comment
Share on other sites
wildteen88 Regular Member

wildteen88

Posted
Posted

Place a .htaccess file in your inc directory and use the following:

order allow,deny
deny from all

 

This will prevent anyone from accessing yoursite.com/inc or yoursite.com/inc/somefile.php

 

This will not stop your PHP scripts from working. PHP does not use Apache when including files via include/require. PHP will use the filesystem defined by the operating system.

Link to comment
Share on other sites
parka Member

parka

Posted
  • Author
Posted

It seemed when I used "deny from all" in .htaccess file, the page won't be able to call up the processing files inside the "inc" folders.

 

I'll get a 500 Internal server error.

 

The most drastic measure I guess would be to put the "inc" folder outside of the web folder. That will require rewrite for quite some code.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.