views:

49

answers:

3

I want to stop people from viewing the contents of my images directory. I've built an app using Codeigniter and notice that they just have index.html pages with a 403 Forbidden message in all directories - is this a secure method to use? Is an index.html page in the directory sufficient or do I need to update config or .htaccess?

+1  A: 

The index.html should be enough and secure, but it is not really a clean solution, because it is not actually returning a error message, it is probably still returning HTTP 200 and then showing the html page with error 403.

The clean solution would be adding

Options -Indexes

to the .htaccess file.

Brutos
+1  A: 

In general you need more than just an index.html, depending on you server configuration you can still get a directory listing. None of the files in the directory will be protected either.

Your best bet is to do al of the above, update the server config to limit access and also set policy via .htaccess if that is appropriate. Finally, if you don't want it to be served it really should not be part of the directory structure being published by the server.

Ukko
+3  A: 

The .htaccess solution should work if you're comfortable using it.

Options -Indexes

If you are on a shared host with cPanel, you can change your settings in Index Manager

Cpanel - Index Manager

Sid