Matt Posted February 28, 2015 Share Posted February 28, 2015 Larry, I created the .htaccess file you provide on page 70. I put it in the includes directory and it does prevent browsing the directory, however it also am getting an error: You don't have permission to access /inc on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Why is it giving an error? I don't want it to handle the request. I want it to not allow people to browse the directory. Is there anything I can do to stop this? Thanks, Matt Link to comment Share on other sites More sharing options...
Larry Posted February 28, 2015 Share Posted February 28, 2015 From what you describe, it's working. It's handling the request (it has to handle the request) but it's not allowing people to browse the directory. It sounds like what you want now are error documents that Apache can use to display instead of that generic message. Link to comment Share on other sites More sharing options...
Matt Posted March 5, 2015 Author Share Posted March 5, 2015 Thanks for the help Larry! I had another question. I have been putting my ajax files in the "inc" directory, and since I added the .htaccess file to prevent directory browsing, a side consequence of this is that I can't call the ajax files with javascript any more. What I did was create another directory called "ajax" and put all the php files for handling ajax requests in there. Is this the best way to fix this problem? What do you recommend doing in this situation? Thanks again, Matt Link to comment Share on other sites More sharing options...
Larry Posted March 6, 2015 Share Posted March 6, 2015 Your Ajax files, endpoints for Ajax requests, shouldn't be in an includes directory because they aren't included. They are effectively publicly available pages. Yes, I'd put the Ajax file in a separate directory. Link to comment Share on other sites More sharing options...
Matt Posted March 8, 2015 Author Share Posted March 8, 2015 Larry, Thanks for the advice! I wasn't thinking when I did that, and I looked at the Javascript/Ajax section of the E-Commerce book and you actually use a folder called "ajax". Sorry for not checking that! Link to comment Share on other sites More sharing options...
Matt Posted March 11, 2015 Author Share Posted March 11, 2015 Larry, I was thinking about protecting directory browsing on the site as a whole and what I've learned is that you can put the following into the top level .htaccess file: Options -Indexes In the folders where I don't want to allow file access at all (i.e. inc, utilities, etc...) I thought I could add the rest of the settings you have in the book. What's the best way to approach this? Thanks, Matt Link to comment Share on other sites More sharing options...
Larry Posted March 18, 2015 Share Posted March 18, 2015 Setting it in the top level makes it a global default, which is fine, but I'd be inclined to adjust the settings in each directory, to be both safe and specific. Link to comment Share on other sites More sharing options...
Matt Posted March 22, 2015 Author Share Posted March 22, 2015 Larry, Thanks for your help! So I should put a .htaccess file in each folder where I want to change a setting? Setting it in the top level makes it a global default, which is fine, but I'd be inclined to adjust the settings in each directory, to be both safe and specific. That makes sense! Thanks again, Matt Link to comment Share on other sites More sharing options...
Recommended Posts