TheReef

Original poster
Say I have a website, and in the directory I have files that I don't want people to see…I can't password protect them because they are linked to other sites.

If somebody knows my URL (which many do), are they able to use some sort of scanning software to discover the whole structure of my directory?

e.g.

www.mysiteyyyyy.com/folder1/folder2/mystuff

Could people, without knowing the above URL, be able to find mystuff?

Thank you.
 
Generally no, unless you set it up so people can see it. With the Apache web server you can set up directory views so folders without an index.html page will show the contents of that folder. For the most part you should be OK unless you have links to the things you're hiding.
 
Thank you for your reply.

I understand that if somebody knows the URL of that file, then they will know the URL of all the folders that it is nested in. I already have files that people know the directory to, and so they can explore the contents of those folders.

Say I create a new folder at the lowest level, there won't be any way for them to find this new folder will there, if I have an index file which is the home page to my site?

EDIT: I think what I'm asking is, is there any sort of Apache syntax you can put in the URL to display the folder structure of the whole server (even with an index file), and thus discover folders that I wish to be hidden from people?
 
They could also bruteforce it, trying combinations like "mystuff" "private" "1" "2" etc.

The best way to deal with allowing access to a folder for one and only one other website, is through the HTACCESS file -- google for instructions on Referrer settings -- I believe you can make it so that the folder will respond only to specific IP addresses.
 
Thank you very much, that helped a lot, and I have set up HTACCESS accordingly.
One problem though, in the require field (for users I wish to let in), I can't leave it blank (I don't want any sort of user-password protection because access is now defined by IP).

What should I put in the require field to make it "blank"?
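
The setup this thread is circling, as an added example that is not from any of the posters: an `.htaccess` that turns off automatic directory listings and admits clients by IP address only, with no user/password directives at all. The address `203.0.113.10` is a documentation placeholder, and the block assumes the server's `AllowOverride` setting permits these directives in `.htaccess`.

```apache
# .htaccess placed in the folder to protect (e.g. .../folder2/mystuff/)

# Never generate a listing for a folder that has no index file.
# Needs "AllowOverride Options" (or "All") in the main server config.
Options -Indexes

# --- Apache 2.4 and later (mod_authz_core) ---
# IP-only access: there are no AuthType, AuthName or AuthUserFile lines
# and no "Require valid-user". The only Require line names the allowed
# address, so nothing has to be left "blank".
# Needs "AllowOverride AuthConfig".
<IfModule mod_authz_core.c>
    Require ip 203.0.113.10
</IfModule>

# --- Apache 2.2 (mod_authz_host) ---
# Same policy in the older syntax: deny everyone, then allow one address.
# Needs "AllowOverride Limit".
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
</IfModule>
```

Clients at any other address receive 403 Forbidden, whether or not they guess the folder name. The `Referer` header is sent by the client and can be set to any value, so a referrer rule is not an equivalent control.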
 