SmartFAQ is developed by The SmartFactory (https://www.smartfactory.ca), a division of InBox Solutions (https://www.inboxsolutions.net)

Why should there be an index.html in all my directories?
All directories, which should not be accessed directly via an URL, should hold an index.html with HTML code to return the visitor to the previous page.

If this is not done, there is a possibility that the directory content (the files) will be listed and potentially opening up for misuse of e.g. images, files for download or script files that are not intended to be accessed directly.


The comments are owned by the author. We aren't responsible for their content.
user

 Index.html files


Hi

I am currently trying to work through the whole protection of the files and site.

Do I need a index.html file in the top level? I assume not because it is directly accessing the site from a url.

Thanks

Rich

 
user

 Re: Index.html files


Richard,

Thats a good question! I once had my site hacked by someone putting an index.html in my root (with the usual profanities) On deletion I decided to put my own index.html with a redirect to index.php, ie the proper home page.

 
user

 Re: Index.html files


Hi

Just thought I would post some code for a redirect page. If any can improve on this post it here!




Redirect Page








Thanks

Rich

 
user

 Re: Index.html files


I believe this answer is valid only if the directory is accessed blindly. If the file name is known or guessed then this has no effect at all. If directory protection is the aim then .htaccess the the correct way to protect the directory.

 
user

 Re: Index.html files


.htaccess settings won't protect from users guessing or accessing known files. The directories/files do need to be accessed by XOOPS so you can't do a total lockdown in .htaccess -- the best you could do is disable directory browsing in .htaccess, which is the same index.html does.

Also, index.html will work with IIS and Apache and other web servers (assuming the default file is set appropriately.) .htaccess is particular to Apache only.

 


Login

Who's Online

176 user(s) are online (1 user(s) are browsing XOOPS FAQ)


Members: 0


Guests: 176


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Oct 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Did you know ?

you can use 'cronjob' in CPanel to complete backups of your database.

Random question

What is a 'Shell'?