Delete all the index.html file "Directory access is forbidden." when using .htaccess

#11
(12-01-2018, 04:57 PM)Balenus Wrote: The files are not in a public folder, I'm protecting "application" and "CodeIgniter-3.1.9" inside a private folder that is protected by the .htaccess as suggested by the guide:

For the best security, both the system and any application folders should be placed above web root so that they are not directly accessible via a browser - https://www.codeigniter.com/user_guide/i...index.html

This comment of yours early on had me concerned and thinking you might not fully understand.
(11-30-2018, 02:26 PM)Balenus Wrote: I am already using .htaccess in top folder to make all directories tree completely forbidden to anyone (i.e. "Deny from all")

To me "top folder" implied the "public" folder.
Reply

#12
(12-02-2018, 09:05 AM)dave friend Wrote: To me "top folder" implied the "public" folder.

No, my structure is this one

Code:
index.php
--private
   --application
   --CodeIgniter-3.1.9
   .htaccess (to protect the entire "private" folder tree)
--public
  js / .css / img, etc. (all the static files are in the public folder)

Where -- means a folder

I'm sorry, I should have written this one down in the OP.
Reply

#13
(12-01-2018, 11:00 AM)Balenus Wrote:
(12-01-2018, 10:20 AM)jreklund Wrote: They protect from a misconfigured server. If you open a folder without an index.html file, it will display the content instead.

Like this:
http://mirror.imt-systems.com/centos/7/

It won't show the content if you have an .htaccess "Deny from all" in the folder or in the parent folder.


True until:
  • Someone accidentally (or ignorantly) changes the server and removes mod_authz_core. OR
  • mod_authz_core gets corrupted and fails to load during one of Apache's periodic restarts. OR
  • Someone thinks that "those files that start with a dot don't do anything" and can be deleted.

Do not scoff at these examples. I have seen and had to fix all of them. You may know what you're doing but the next guy might not.
Reply

#14
(12-02-2018, 09:23 AM)dave friend Wrote:
(12-01-2018, 11:00 AM)Balenus Wrote:
(12-01-2018, 10:20 AM)jreklund Wrote: They protect from a misconfigured server. If you open a folder without an index.html file, it will display the content instead.

Like this:
http://mirror.imt-systems.com/centos/7/

It won't show the content if you have an .htaccess "Deny from all" in the folder or in the parent folder.


True until:
  • Someone accidentally (or ignorantly) changes the server and removes mod_authz_core. OR
  • mod_authz_core gets corrupted and fails to load during one of Apache's periodic restarts. OR
  • Someone thinks that "those files that start with a dot don't do anything" and can be deleted.

Do not scoff at these examples. I have seen and had to fix all of them. You may know what you're doing but the next guy might not.

Far be it from me to scoff at a user who is donating some of his time to reply to my OP. ;)

True that when mod_authz_core is removed or fails the index.html files can give some protection.
Reply
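
Added example, not part of the thread or of CodeIgniter: a small Python audit of the layered protection discussed in posts #13 and #14, reporting which directories rely only on an `.htaccess` deny rule and which also keep the fallback `index.html`. The function names and the sample tree are constructed for illustration; it assumes `.htaccess` rules are inherited by subdirectories and it only inspects files on disk, not whether Apache actually loads the module that enforces them.

```python
import os
import re
import tempfile

# "Deny from all" is the form quoted in the thread; "Require all denied" is the
# Apache 2.4 form. Commented-out lines do not match; <Files> etc. are not parsed.
DENY_RE = re.compile(
    r"^[ \t]*(deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied)[ \t]*\r?$",
    re.IGNORECASE | re.MULTILINE)

def has_deny(directory):
    """True if directory/.htaccess exists and contains a blanket deny line."""
    try:
        with open(os.path.join(directory, ".htaccess"), errors="replace") as fh:
            return bool(DENY_RE.search(fh.read()))
    except OSError:
        return False

def audit(root):
    """Map each directory under root to the protection layers found on disk."""
    root = os.path.abspath(root)
    denied = {}   # absolute dir -> covered by its own or an ancestor's deny
    report = {}
    for path, _dirs, files in os.walk(root):   # top-down: parents come first
        denied[path] = denied.get(os.path.dirname(path), False) or has_deny(path)
        index = "index.html" in files
        if denied[path]:
            layers = "htaccess+index" if index else "htaccess-only"
        else:
            layers = "index-only" if index else "none"
        report[os.path.relpath(path, root)] = layers
    return report

def make_sample_tree(base):
    """Constructed sample: the 'private' layout from post #12, one index.html kept."""
    private = os.path.join(base, "private")
    os.makedirs(os.path.join(private, "application"))
    os.makedirs(os.path.join(private, "CodeIgniter-3.1.9"))
    with open(os.path.join(private, ".htaccess"), "w") as fh:
        fh.write("# protect the entire tree\nDeny from all\n")
    with open(os.path.join(private, "application", "index.html"), "w") as fh:
        fh.write("<p>Directory access is forbidden.</p>")
    return private

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for d, layers in sorted(audit(make_sample_tree(tmp)).items()):
            print(f"{layers:15} {d}")
```

Directories reported as `htaccess-only` are the ones left with no second layer if the `.htaccess` file is deleted, as in the failure cases listed in post #13.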

#15
As long as we're talking about .htaccess, you all might find these two articles interesting

Don't Use .htaccess Unless You Must
Stop using .htaccess files! No, really.
Reply

