How do you prevent a site from being exposed?

[hugh90]

My site is in .php

How do you stop from raw files showing? The files of my site show up if I (for example) go to www.site.com/folder/folder. How do I prevent this situation so the raw files doesn't show up?

Most sites when you go to www.site.com/folder/folder you end up on a normal webpage, but mine shows the raw files. :(

Some sites stop this from happening to their site and protect it, can you please tell me how to stop it too?

I'm a newbie. :|

Thanks :)

[mainewoods]

just add a file called index.htm to that directory and then it will just show that file and that file can have a meta-refresh in it to go elsewhere.

[hugh90]

[quote author=mainewoods link=topic=103870.msg413950#msg413950 date=1155311340]
just add a file called index.htm to that directory and then it will just show that file and that file can have a meta-refresh in it to go elsewhere.
[/quote]

So that means adding an index.htm manually in every folder/directory? Isn't there a way that can stop this at once? A quick fix code or the way to url my php’s so that it is permanently stable without manually adding an index.htm with every folder.

Thank you

[mainewoods]

you may be able to add a .htaccess file to your top directory that would solve the problem, I'm not sure of the syntax though.

[mainewoods]

http://www.javascriptkit.com/howto/htaccess11.shtml

[hugh90]

Hi thanks i've added it, and it works but it just shows the same Directory Listing but without my raw files (which is a good thing)  But it looks very unprofessional, so how can I completely stop the Directory Listing page from showing, hopfully with an error page or a redirect back to the main page.

Can this be achieved through .htaccess?

[mainewoods]

potentially through the mod_rewrite feature of .htaccess which is a complicated subject and I can't help you with that.

[simcoweb]

Truthfully the best way is to put an index.htm file in each one ( or index.shtml, index.php, index.html.. it just needs to be an index file) since doing via .htaccess just puts more strain on the server everytime someone attempts to hit one of your folders.

Or you can pick up a little utility that not only prevents them from viewing your unprotected folders but logs their IP, redirects them to the page of your choice, and allows you to ban IP's if needed. Check out:

[url=http://www.templatedepot.com/snoop-catcher.htm]http://www.templatedepot.com/snoop-catcher.htm[/url]

[corbin]

I would make directory listings unavailable where it would generate uhhh 403 (?) errors... then you could just use an appropriate error document... Possibly having it redirct the user to /index

[hugh90]

[quote author=corbin link=topic=103870.msg414015#msg414015 date=1155317250]
I would make directory listings unavailable where it would generate uhhh 403 (?) errors... then you could just use an appropriate error document... Possibly having it redirct the user to /index
[/quote]

Yeah but how would I do this? I don't know, can you please explain how to do this?

[simcoweb]

It's not that hard.

1. create a custom error page ( I make mine look like the rest of the site with menus and everything. Like this: http://www.templatedepot.com/no-page-here.htm )

2. edit your .htaccess file with this:

ErrorDocument 403 http://www.yoursite.com/403.htm
ErrorDocument 404 http://www.yoursite.com/404.htm
ErrorDocument 500 http://www.yoursite.com/500.htm

Those are the most common errors.