Hello, for example I have this URL: http://localhost/miSite/uploads/ and by doing:
http://localhost/miSite/uploads/../includes/, this results in a directory (includes) listing.

It'd be great if you could tell me a way to resolve this.

+3  A: 

Directory Indexing

You can also use .htaccess to disable indexing, or Directory Browsing. By default, this option is turned on in the server's configuration files. To disable this, add this line to your .htaccess file:

Options -Indexes

Lizard
Thanks a lot, it works.
jartaud
If this solved the problem, any chance of an acceptance of the answer for people who have the problem in the future? Thanks
Lizard
+3  A: 

The possibility of using relative references is not a real problem:

http://localhost/miSite/uploads/../includes/

resolves to

http://localhost/miSite/includes/

which can be addressed directly anyway. If you have sensitive files in there, you should move them outside the web root, or block the directory listing.

What would be a real problem is if the following would work:

http://localhost/../miSite/includes/

which would serve files outside the document root. But that will not happen with an up-to-date web server.

Unicron
Thanks for your help, great, this is not a big problem :)
jartaud
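The resolution described in the answer above, as an added example that is not part of the original posts: it resolves dot segments the way RFC 3986 does and shows the check a server applies before mapping a URL to a file. `DOCROOT` and the function names are assumptions made for the illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

DOCROOT = "/var/www/html"  # assumed document root, not taken from the post

def normalize_url_path(path):
    """Resolve '.' and '..' segments as RFC 3986 section 5.2.4 describes."""
    out = []
    for seg in path.split("/")[1:]:
        if seg == "..":
            if out:
                out.pop()   # at the root there is nothing left to pop
        elif seg != ".":
            out.append(seg)
    if path.endswith(("/.", "/..")):
        out.append("")      # keep the trailing slash of a directory URL
    return "/" + "/".join(out)

def climbs_above_root(path):
    """True if some '..' (plain or percent-encoded) would go above the URL root."""
    depth = 0
    for seg in unquote(path).split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False

def resolve_in_docroot(url, docroot=DOCROOT):
    """Map a URL to a path under docroot, or return None when it must be refused."""
    raw = urlsplit(url).path
    if climbs_above_root(raw):
        return None
    rel = normalize_url_path(unquote(raw)).lstrip("/")
    full = posixpath.normpath(posixpath.join(docroot, rel))
    # Lexical containment check only; symlinks would need a realpath comparison.
    if full != docroot and not full.startswith(docroot + "/"):
        return None
    return full

if __name__ == "__main__":
    for url in ("http://localhost/miSite/uploads/../includes/",
                "http://localhost/../miSite/includes/"):
        print(url, "->", resolve_in_docroot(url))
```

The first URL maps to the same directory as http://localhost/miSite/includes/, so only the listing setting or an access rule decides what is shown; the second is refused before any file lookup.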
+2  A: 

There are 3 things you can do, ranging from least secure to most secure.

  1. Disable indexes as proposed by @Lizard
  2. Make a rule in the .htaccess file to deny access to folders people aren't allowed to access
  3. Move the files that shouldn't be accessed outside of the DocumentRoot.
Xeross