How can I protect my sub directories from being viewed?

Problems with the Windows version of XAMPP, questions, comments, and anything related.

How can I protect my sub directories from being viewed?

Postby dmphotography » 04. January 2009 18:12

Hey there,

I'm curious how I can keep someone from going to http://www.mydomain.com/subdirectoryname and seeing the contents of that folder.
Is there a way to set that and it won't interfere with something like a forum working properly? If so, where do I do it at?

And while I'm asking, what exactly is the .htaccess thing? I see it mentioned a lot, but what is it?


Thanks.
For great video and written tutorials and guides on creating your own web server and installing things such as forums, blogs, etc., visit http://myownhomeserver.com
dmphotography
 
Posts: 191
Joined: 15. December 2008 14:25
Location: Columbus, MS
Operating System: Windows 7

Re: How can I protect my sub directories from being viewed?

Postby Sharley » 04. January 2009 18:29

dmphotography wrote:how I can keep someone from going to http://www.mydomain.com/subdirectoryname and seeing the contents of that folder.
Just place a blank index.html file in the folder, or instead of a blank file, html code it so it redirects to your main index.html site file or put a message in the file explaining they have visited the wrong location and need to go to... "put a link to your main site's index.html file" - get the idea.
You can then simply copy and paste this blank index file into every folder on your web site that does not have one.

BTW this method is used by many forum, blog and cms scripts and can be checked out by looking in those folders like image, scripts, css etc. - you could even copy and paste one of those to your own folders. ;)
viewtopic.php?f=16&t=25990&p=10625

There are other more complex methods but by far the simplest and easiest is the above method.
dmphotography wrote:...what exactly is the .htaccess thing?
This file allows, on a directory by directory basis, server configurations that would normally be taken care of by the httpd.conf file which only allows configurations on a server wide basis.
http://httpd.apache.org/docs/2.2/howto/htaccess.html
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: How can I protect my sub directories from being viewed?

Postby dmphotography » 05. January 2009 06:13

Thank you Sharley!

I did notice those index files in subfolders recently after installing one of the many apps I was testing and now I know what that was about.

The htdocs thing is what I think I was looking for in particular, because with the correct settings, that will give someone the wonderful 403 Permission denied, correct?

** P.S. **
I figured out a great redirect script to send them back to the root directory. I just modified the one XAMPP installs in your htdocs folder.
Here's the code:
Code: Select all
<?php
   if (!empty($_SERVER['HTTPS']) && ('on' == $_SERVER['HTTPS'])) {
      $uri = 'https://';
   } else {
      $uri = 'http://';
   }
   $uri .= $_SERVER['HTTP_HOST'];
   header('Location: '.$uri.'/');
   exit;
?>
You're in the wrong folder, go back. >:-(


Just create a new text document with notepad and paste that in it, then save the file as index.php. Now just add it to every sub-directory and it'll send them back to the root directory when they try accessing any of the sub directories with that in it. Don't accidentally overwrite any existing index.php files. Skip those folders.
For great video and written tutorials and guides on creating your own web server and installing things such as forums, blogs, etc., visit http://myownhomeserver.com
dmphotography
 
Posts: 191
Joined: 15. December 2008 14:25
Location: Columbus, MS
Operating System: Windows 7

Re: How can I protect my sub directories from being viewed?

Postby Sharley » 05. January 2009 07:23

In that case you would use -indexes in your folder <Directory> directive in place of the indexes or the +indexes.
For example:
Code: Select all
<Directory "C:\xampp\htdocs" >
Options -Indexes FollowSymLinks Includes ExecCGI

Will give the desired 403 error message.

That 403 message can also be hand html coded in to the index.html file and have the index.html file have a look and feel of your site with added Google ads and other goodies to make it pay for example instead of an ugly system warning window - only seeding ideas here. ;)
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: How can I protect my sub directories from being viewed?

Postby dmphotography » 05. January 2009 17:37

Sharley wrote:That 403 message can also be hand html coded in to the index.html file and have the index.html file have a look and feel of your site with added Google ads and other goodies to make it pay for example instead of an ugly system warning window - only seeding ideas here. ;)


LOL, thanks! Haha.

Ok, I have one other challenge and since it no doubt pertains to a .htaccess file somewhere (can't find which lil booger is doing it), I need a little help getting this correct.

I followed http://community.apachefriends.org/f/viewtopic.php?f=16&t=20322&p=85560&hilit=+how+sub+domain+vhost+sub+domain+to+a+folder+vhost#p85560 (that's an old post!) and successfully configuring my sub-domain to go to the correct folder. But I have a small issue, because Joomla, which is in my root folder for the site, I think has denied folder access to my /phpBB/ folder. So after a little searching, I found a little snippet of code to add to my vhost file and all is well, until I set my sub-domain up.

Now with the following configuration, I can go to my subdomain, which is forums.mydomain.com and it works fine. But if I go to www.mydomain.com/phpBB/, I get the Error 500 about the CGI being overloaded and I know it comes down to that darn .htaccess file somewhere. So here's my info:

Code: Select all
<VirtualHost *:80>
    ServerName mydomain.info
    ServerAlias www.mydomain.info
    DocumentRoot "B:/xampp/mydomain"
    <Directory "B:/xampp/mydomain">
      Options +Indexes FollowSymLinks +ExecCGI
      AllowOverride AuthConfig FileInfo
                Order allow,deny
      Allow from all
</Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName forums.mydomain.info
    ServerAlias www.forums.mydomain.info
    DocumentRoot "B:/xampp/mydomain/phpBB"
<directory "B:/xampp/mydomain/phpBB" >
        Options Indexes FollowSymlinks Includes MultiViews Includes ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
</directory>
</VirtualHost>


Now just prior to setting the sub-domain for it, I had to have this to access that folder:

Code: Select all
<VirtualHost *:80>
    ServerName mydomain.info
    ServerAlias www.mydomain.info
    DocumentRoot "B:/xampp/mydomain"
    <Directory "B:/xampp/mydomain">
      Options +Indexes FollowSymLinks +ExecCGI
      AllowOverride AuthConfig FileInfo
                Order allow,deny
      Allow from all
</Directory>
Alias/phpBB "B:/xampp/mydomain/phpBB"
<directory "B:/xampp/mydomain/phpBB" >
        Options Indexes FollowSymlinks Includes MultiViews Includes
        AllowOverride All
        Order allow,deny
        Allow from all
</directory>
</VirtualHost>

And that gave me access to the /phpBB folder. But I had to remove the Alias/phpBB "B:/xampp/mydomain/phpBB" once I created the sub domain, otherwise I got an error when I tried restarting apache.

I imagine the best answer is to find that pesky .htaccess file, but I honestly don't know which one out of several is doing it. I don't guess it's a big deal whether or not I solve this, because after all, I CAN reach it, but I'd like to figure out how to fix the little "kinks in the hose" so I can fix them in the future.

Thanks again!
For great video and written tutorials and guides on creating your own web server and installing things such as forums, blogs, etc., visit http://myownhomeserver.com
dmphotography
 
Posts: 191
Joined: 15. December 2008 14:25
Location: Columbus, MS
Operating System: Windows 7

Re: How can I protect my sub directories from being viewed?

Postby Sharley » 05. January 2009 23:24

Server 500 error - look in the xampp\apache\logs\error.log file for a clue, usually will tell you exactly what's wrong and possibly which .htaccess if any is giving you the pain.
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: How can I protect my sub directories from being viewed?

Postby dmphotography » 06. January 2009 11:46

Well well, that did the trick. It was the .htaccess file in the root folder of the forum. I guess I don't quite understand why you can go to it the way shown above, but can't go to it directly as mentioned above. The .htaccess only had two commands in it and they were to protect two files in that folder, so I'm not sure why it was effecting the rest. here's what was in the .htaccess:

Code: Select all
<Files "config.php">
Order Allow,Deny
Deny from All
</Files>

<Files "common.php">
Order Allow,Deny
Deny from All
</Files>


Now I have another forum with the same thing in the root folder and no problems, but it isn't a sub-directory either. I don't quite grasp it fully just yet to get what's the catch.
For great video and written tutorials and guides on creating your own web server and installing things such as forums, blogs, etc., visit http://myownhomeserver.com
dmphotography
 
Posts: 191
Joined: 15. December 2008 14:25
Location: Columbus, MS
Operating System: Windows 7

Re: How can I protect my sub directories from being viewed?

Postby Sharley » 06. January 2009 12:22

Alias/phpBB "B:/xampp/mydomain/phpBB"

Missing space between Alias and /phpBB - should be

Alias /phpBB "B:/xampp/mydomain/phpBB"

If you get a knock back when starting Apache always use the apache_start.bat file as it will give a more informative error message why it won't start.

Also if you want to check your httpd-vhost.conf file for any syntax errors like the above, open a command console window in xampp\apache\bin folder and issue the command apache -S
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 56 guests