SmartFAQ is developed by The SmartFactory (http://www.smartfactory.ca), a division of InBox Solutions (http://www.inboxsolutions.net)

Why should there be an index.html in all my directories?
  Requested by Carnuke and Answered by Mithrandir on 2004/11/2 11:05:23     11387  reads 
All directories, which should not be accessed directly via an URL, should hold an index.html with HTML code to return the visitor to the previous page.

If this is not done, there is a possibility that the directory content (the files) will be listed and potentially opening up for misuse of e.g. images, files for download or script files that are not intended to be accessed directly.


The comments are owned by the author. We aren't responsible for their content.
user

 Index.html files


Hi

I am currently trying to work through the whole protection of the files and site.

Do I need a index.html file in the top level? I assume not because it is directly accessing the site from a url.

Thanks

Rich

 
user

 Re: Index.html files


Richard,

Thats a good question! I once had my site hacked by someone putting an index.html in my root (with the usual profanities) On deletion I decided to put my own index.html with a redirect to index.php, ie the proper home page.

 
user

 Re: Index.html files


Hi

Just thought I would post some code for a redirect page. If any can improve on this post it here!

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Redirect Page</title>
</head>
<body>

<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.yourownurl.com/index.php">

</body>
</html>

Thanks

Rich

 
user

 Re: Index.html files


I believe this answer is valid only if the directory is accessed blindly. If the file name is known or guessed then this has no effect at all. If directory protection is the aim then .htaccess the the correct way to protect the directory.

 
user

 Re: Index.html files


.htaccess settings won't protect from users guessing or accessing known files. The directories/files do need to be accessed by XOOPS so you can't do a total lockdown in .htaccess -- the best you could do is disable directory browsing in .htaccess, which is the same index.html does.

Also, index.html will work with IIS and Apache and other web servers (assuming the default file is set appropriately.) .htaccess is particular to Apache only.

 


Login

Who's Online

77 user(s) are online (1 user(s) are browsing XOOPS FAQ)


Members: 0


Guests: 77


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Aug 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Did you know ?

You can solve problems for users who cannot post or login by disabling the HTTP referrer check (or by users allowing referrer information through the firewall).

Random question

What is RSS?