security and permissions

[veenasv]

Hi,

My web page runs on Apache web server with PHP as the scripting lnaguage and Postgresql as the database.

http://protein.nsls.bnl.gov

If I type in some directory name which is under my document root, I am able to list all the files inthat directory. I don\'t want anybody to have access to my files except for browsing different pages. How can I restrict this? Where do I have to set the permission?

I don\'t know how to do this. Also, if I goto a specific directory in my web page, it should be default show the main page under that directory. How to do this?

I hope I am clear.

[LAMP]

The answer to your second question is found in your httpd.conf file:

# 

# DirectoryIndex: Name of the file or files to use as a pre-written HTML

# directory index.  Separate multiple entries with spaces.

#

If there is nothing below this in *your* httpd.conf, hit me back here and I\'ll show you mine

 

As for the other question, I *think* that if you\'ll remove the \"Indexes\" option from this:

#

# Note that from this point forward you must specifically allow

# particular features to be enabled - so if something\'s not working as

# you might expect, make sure that you have specifically enabled it

# below.

#



#

# This should be changed to whatever you set DocumentRoot to.

#

<Directory "/usr/local/www/data">



#

# This may also be "None", "All", or any combination of "Indexes",

# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".

#

# Note that "MultiViews" must be named *explicitly* --- "Options All"

# doesn\'t give it to you.

#

   Options Indexes FollowSymLinks MultiViews

--- you should be able to get the result you want. Haven\'t tried it myself, though....