Block directory listing in Apache

Asked

Viewed 7,287 times

1

I am developing a website where I have an administrative panel that is accessed only by those who have access. on the admin panel pages, I did the validation that checks if the user is logged in as admin to access the page. For example, if any other user tries to directly access the.com/administrative/user URL, it will be redirected to the home page. However, if I just type in the address bar: nomedosite.com/admin, it brings me a list of all the files I have in the folder. How to prohibit this, so that when accessing the folder that has the files the user is redirected, and not only when accessing the page?

php apache

  • Via htaccess you can’t do this?

  • Good tip, hadn’t tried yet. I’ll try to use.

1 answer

5


First appearing folders is not a code problem php, your http server (maybe an apache) is with the parameter Indexes (if it is an apache) enabled what can be a security hole in many cases.

You have two options if you have access to your web server settings remove the parameter Indexes where is the directory of your web files

Example:

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

Switch to:

<Directory /var/www/>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

Another alternative is to put a .htaccess in the directory concerned with the following line:

Options -Indexes

About redirecting you also have some options, you can create an index.html or index.php that simply redirects everyone who connects in this your directory, another alternative is to use the .htacess again, see several examples here

Browser other questions tagged php apache

You are not signed in. Login or sign up in order to post.