I work for an ISP and I have a server with thousands of users, each with 10MB of free storage. They get this free storage with every e-mail account they have with us. An example of a user's storage address: http://users.example.com/~username/

One problem I can see is scanning the server for user names to see what accounts are available, basically getting a list of all our customers' valid e-mail addresses. This would be very, very bad.

So I want to redirect to our homepage if someone comes across a user's account that is empty (I'd say 90% of them are completely empty). I also do not want to simply -Indexes them and use a custom 403, because the few customers that do use them want +Indexes.

I know I can always just tell the customers to put an .htaccess file in their directory with Options +Indexes if they want directory listing, but that's a last resort.

How can I make it pretty much impossible to tell what accounts are on the server but not in use at all?

A: 

I can't see a way to do this with Apache rules alone - and even if there were, it would be pretty expensive, scanning for files on every incoming request.

I would build a script that puts the appropriate .htaccess file, redirecting to your home page, into every completely empty account.

Maybe run it hourly, and make users aware that if they populate a directory for the first time, it may take up to an hour until their changes take effect? I think that would be a reasonable time frame.

Pekka
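
A sketch of the hourly script the answer describes, added here as an example and not code from the original post. It assumes each account's web root is `BASE/<user>/public_html`, that `AllowOverride FileInfo` is enabled so `RedirectMatch` works in `.htaccess`, and the marker line and function names are hypothetical.

```shell
#!/usr/bin/env bash
# Assumed layout (hypothetical): each account's web root is BASE/<user>/public_html.
MARKER='# managed-by-empty-account-redirect'   # hypothetical marker line

# Prints "empty" if the directory holds nothing except our own managed .htaccess.
account_state() {
    local dir=$1 others
    # Any entry other than .htaccess (or our temp file) means the user published something.
    others=$(find "$dir" -mindepth 1 -maxdepth 1 \
        ! -name .htaccess ! -name .htaccess.new -print -quit)
    if [ -n "$others" ]; then echo used; return; fi
    # A .htaccess without our marker was written by the user: treat the account as used.
    if [ -f "$dir/.htaccess" ] && ! grep -qxF "$MARKER" "$dir/.htaccess"; then
        echo used; return
    fi
    echo empty
}

# Usage from cron: sync_empty_redirects /home http://www.example.com/
sync_empty_redirects() {
    local base=$1 homepage=$2 dir
    for dir in "$base"/*/public_html; do
        [ -d "$dir" ] || continue
        if [ "$(account_state "$dir")" = empty ]; then
            # Write to a temp file and rename so Apache never reads a partial file.
            printf '%s\nRedirectMatch 302 ^ %s\n' "$MARKER" "$homepage" > "$dir/.htaccess.new"
            mv -f "$dir/.htaccess.new" "$dir/.htaccess"
        elif [ -f "$dir/.htaccess" ] && grep -qxF "$MARKER" "$dir/.htaccess"; then
            # Account is now in use: drop our redirect so the directory listing returns.
            rm -f "$dir/.htaccess"
        fi
    done
}
```

The redirect only hides empty accounts if a request for a username that does not exist gets the same response, so the server-wide 404 handling has to send clients to the same homepage.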