Jump to content
Larry Ullman's Book Forums
Sign in to follow this  
Matt

An Error With Prevent Directory Browsing .htaccess File!

Recommended Posts

Larry,

 

I created the .htaccess file you provide on page 70. I put it in the includes directory and it does prevent browsing the directory, however it also am getting an error:

 

You don't have permission to access /inc on this server.

 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

 

Why is it giving an error? I don't want it to handle the request. I want it to not allow people to browse the directory. Is there anything I can do to stop this?

 

Thanks,

 

Matt

Share this post


Link to post
Share on other sites

From what you describe, it's working. It's handling the request (it has to handle the request) but it's not allowing people to browse the directory. It sounds like what you want now are error documents that Apache can use to display instead of that generic message. 

Share this post


Link to post
Share on other sites

Thanks for the help Larry!

 

I had another question. I have been putting my ajax files in the "inc" directory, and since I added the .htaccess file to prevent directory browsing, a side consequence of this is that I can't call the ajax files with javascript any more. What I did was create another directory called "ajax" and put all the php files for handling ajax requests in there. Is this the best way to fix this problem? What do you recommend doing in this situation?

 

Thanks again,

 

Matt

Share this post


Link to post
Share on other sites

Your Ajax files, endpoints for Ajax requests, shouldn't be in an includes directory because they aren't included. They are effectively publicly available pages. Yes, I'd put the Ajax file in a separate directory. 

Share this post


Link to post
Share on other sites

Larry,

 

Thanks for the advice! I wasn't thinking when I did that, and I looked at the Javascript/Ajax section of the E-Commerce book and you actually use a folder called "ajax". Sorry for not checking that!

Share this post


Link to post
Share on other sites

Larry,

 

I was thinking about protecting directory browsing on the site as a whole and what I've learned is that you can put the following into the top level .htaccess file:

Options -Indexes

In the folders where I don't want to allow file access at all (i.e. inc, utilities, etc...) I thought I could add the rest of the settings you have in the book. What's the best way to approach this?

 

Thanks,

 

Matt

Share this post


Link to post
Share on other sites

Setting it in the top level makes it a global default, which is fine, but I'd be inclined to adjust the settings in each directory, to be both safe and specific. 

Share this post


Link to post
Share on other sites

Larry,

 

Thanks for your help!

 

So I should put a .htaccess file in each folder where I want to change a setting?

 

Setting it in the top level makes it a global default, which is fine, but I'd be inclined to adjust the settings in each directory, to be both safe and specific. 

 

That makes sense!

 

Thanks again,

 

Matt

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...