Best way to restrict direct access to files and folders?

syd430 · February 2011

I need to prevent users from gaining direct access to directories or files, e.g. www.mysite.com/vanilla/applications/ or ...vanilla/plugins etc, but obviously still need the forum be able to run as an application as a whole.

I tried to add a .htaccess in each folder (applications, plugins etc), and add something like this (and other similar commands):


<Files *>
    Deny From All
</Files>

But it tends to break certain parts of the forum.

Could anyone recommended the best way to force 403 forbidden when a user is trying to directly access directories in Vanilla?

Also I dont want to use something as simple as IndexIgnore *, as this is not adequate because the file locations are easy to guess.

Thanks

UnderDog · February 2011

I know some CMS systems that put an index.html file inside those directories and put something simple like a blank page inside that index.html file. Or a "go back to history -1 javascript call", but some browsers might not have javascript enabled.

I can't explain why, but I've seen these 2 lines in .htaccess files for the same purpose as you request.

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

It came from this url:
http://www.htaccesselite.com/d/htaccess-errordocument-examples-vt11.html
AND of course information from WordPress:
http://codex.wordpress.org/htaccess_for_subdirectories

tester13 · February 2011

Yeah, it looks very weird. But nothing dangerous as all PHP scripts first check that they are called properly and exit of not, as I understand.

syd430 · March 2011

I know some CMS systems that put an index.html file inside those directories and put something simple like a blank page inside that index.html file. Or a "go back to history -1 javascript call", but some browsers might not have javascript enabled.

ok thanks, ive mananged to get this now, turns out all you need is "Options -Indexes" in a .htaccess file in public_html folder or where you want to block access.

Still need help with this one though:

http://vanillaforums.org/discussion/15129/how-to-get-start-a-new-discussion-button-to-appear-even-when-viewing-as-a-guests

aery · March 2011

You should put

Options All -Indexes

in your htaccess file, only at the root will suffice.

I have written some of the mandatory things to do after installing Vanilla here.

Linc · March 2011

Nice post, @aery

aery · March 2011

Nice post, @aery

Thanks

Best way to restrict direct access to files and folders?

Comments