Re: Protecting dirs

From: JiaQuan Ma (Jiaquan@drexel.edu)
Date: 09/01/01

• Previous message: JiaQuan Ma: "Re: Protecting dirs"
• In reply to: Thomas Jespersen: "Re: Protecting dirs"
• Next in thread: Jay D. Dyson: "Re: Protecting dirs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <003201c1331f$f21f8800$5d79fea9@mcs.drexel.edu>
From: "JiaQuan Ma" <Jiaquan@drexel.edu>
To: <security-basics@securityfocus.com>
Subject: Re: Protecting dirs
Date: Sat, 1 Sep 2001 15:54:40 -0400

My suggestion to you is change the permission recursively, 701 to folders
(execute), and 704 to files (read). Because they don't have permission to
read that folder but go through, so they won't be able to list the contents
of that folder and its sub-directories. Otherwise, people will be able use
ftp software to know what files you have on the server. Another thing to do
is create a re-direct HTML file "index.html", so they will be re-direct to
that page once they visit that folder. You can just save the following code
to index.html and it will work for you.

<HTML>
<HEAD>
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://www.yourdomain.com">
</HEAD>
<BODY>
</BODY>
</HTML>

Best Regard,

JiaQuan Ma
Sophomore Student
Dept. of Mathematics and Computer Science
Drexel University

----- Original Message -----
> "Max Mouse" <max_mouse@sympatico.ca> writes:
>
> > I want to prevent users from being able to list some directories, such
as an
> > images dir. What's the best way to handle this using apache 1.3.17?
>
> Users on your server, or users from the web ?
>
> From the web try something like:
>
> <Directory /your/image/directory/>
> Options -Indexes
> </Directory>
>
> in srm.conf
>
> Another alternative is to put a dummy 'index.html' in the image
> directory.
>
> On your local server, you could change the owner to "nobody" or
> whatever user the server run as, and set permissions like this:
>
> drwx------ 2 nobody nobody 512 Aug 31 11:22 images/
>

----------------------------------------------------
NetZero Platinum
Sign Up Today - Only $9.95 per month!
http://my.netzero.net/s/signup?r=platinum&refcd=PT97

---

• Previous message: JiaQuan Ma: "Re: Protecting dirs"
• In reply to: Thomas Jespersen: "Re: Protecting dirs"
• Next in thread: Jay D. Dyson: "Re: Protecting dirs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Problem viewing uploaded images using ASP.NET ... "I can post images with FTP and the uploadform" - ... one might describe a car problem to a mechanic ... you are experiencing some sort of permission issue. ... that folder," but again, I can't assume that until I know specifically what ... (microsoft.public.dotnet.framework.aspnet) RE: Documentation of servers, directories, software ??? ... If the parent folder has the proper permission and you have configured the ... Microsoft Global Technical Support Center ... we just lost track of that the end users put on on the server. ... (microsoft.public.windows.server.migration) Re: How to remove virtual path from root url of dev web server? ... Why do you develop in the root of your development server? ... the possibility of having additional applications in your server. ... > even folder where a page ran from to have a images subfolder with the images in there. ... (microsoft.public.dotnet.framework.aspnet) Re: problems creating a guestbook! ... >> Your images are huge! ... the server does not ... >> have FrontPage extensions installed. ... to be just a folder. ... (microsoft.public.frontpage.client) Re: always being prompted for username/password??!!?? ... My guess is that you're lacking either NTFS read permission on the ... folder or file that you are trying to access has the apropriate NTFS ... I have a win2k3 server box and winxp box on a network - very ... (microsoft.public.inetserver.iis.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)