controlling display of directories on new server
Posted: Sat 28 Feb 2009 12:22
If you are moving your web site across to the new BCA server, there is one item you particularly ought to check. The new server has been set up with the default operation that if a directory does not contain an index file (e.g. index.html and variants) then when it is given the URL of the directory it will display a listing of all the files in that directory.
This is sometimes very useful, but it is also a potential security hazard - especially if you have the bad habit of leaving files in a directory that you dont want anyone to see. If you would prefer the server not to allow access to URLs where an explicit file name is not given, then either
1) you need to add the following directive to an appropriately-placed .htaccess file.
Options -Indexes
or 2) you need to put an index.html file in the directory. It neednt contain any text, other than whatever friendly error message you wish to include.
This is sometimes very useful, but it is also a potential security hazard - especially if you have the bad habit of leaving files in a directory that you dont want anyone to see. If you would prefer the server not to allow access to URLs where an explicit file name is not given, then either
1) you need to add the following directive to an appropriately-placed .htaccess file.
Options -Indexes
or 2) you need to put an index.html file in the directory. It neednt contain any text, other than whatever friendly error message you wish to include.