Website, can people search my directory? Please help

Discussion in 'Web Design and Development' started by TheReef, Sep 30, 2007.

  1. TheReef macrumors 68000

    TheReef

    Joined:
    Sep 30, 2007
    Location:
    NSW, Australia.
    #1
    Say I have a website, and in the directory I have files that I don't want people to see…I can't password protect them because they are linked to other sites.

    If somebody knows my URL (Which many do), are they able to use some sort of scanning software to discover the whole structure of my directory?

    eg

    www.mysiteyyyyy.com/folder1/folder2/mystuff

    Could people, without knowing the above URL, be able to find mystuff?

    Thank you.
     
  2. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #2
    Generally no, unless you set it up so people can see it. With the Apache web server you can set up directory views so folders without an index.html page will show the contents of that folder. For the most part you should be OK unless you have links to the things you're hiding.
     
  3. TheReef thread starter macrumors 68000

    TheReef

    Joined:
    Sep 30, 2007
    Location:
    NSW, Australia.
    #3
    Thank you for your reply.

    I understand that if somebody knows the URL of that file, then they will know the URL of all the folders that it is nested in. I already have files that people know the directory to, and so they can explore the contents of those folders.

    Say I create a new folder at the lowest level, there won't be any way for them to find this new folder will there, if I have an index file which is the home page to my site?

    EDIT: I think what I'm asking is, is there any sort of Apache syntax you can put in the URL to display the folder structure of the whole server (even with an index file), and thus discover folders that I wish to be hidden from people?
     
  4. CanadaRAM macrumors G5

    CanadaRAM

    Joined:
    Oct 11, 2004
    Location:
    On the Left Coast - Victoria BC Canada
    #4
    They could also bruteforce it, trying combinations like "mystuff" "private" "1" "2" etc.

    The best way to deal with allowing access to a folder for one and only one other website, is through the HTACCESS file -- google for instructions on Referrer settings -- I believe you can make it so that the folder will respond only to specific IP addresses.
     
  5. TheReef thread starter macrumors 68000

    TheReef

    Joined:
    Sep 30, 2007
    Location:
    NSW, Australia.
    #5
    Thank you very much, that helped a lot, and I have set up HTACCESS accordingly.
    One problem though: in the require field (for users I wish to let in), I can't leave it blank (I don't want any sort of user-password protection because access is now defined by IP).

    What should I put in the require field to make it "blank" ?
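
Added example, not part of the original thread: an `.htaccess` sketch covering the two controls discussed above, turning off directory listings and restricting a folder by IP address with no password prompt. The address `203.0.113.10` is a documentation placeholder, and the comments note which `AllowOverride` classes the server must permit for each directive.

```apache
# .htaccess for the folder to restrict (added example; the IP is a placeholder)

# Turn off automatic listings, so a folder without an index file answers
# 403 Forbidden instead of showing its contents.
# Needs "AllowOverride Options" in the server configuration.
Options -Indexes

# IP-only access: leave out AuthType, AuthName, AuthUserFile and any
# "Require valid-user" / "Require user ..." line. Those directives are what
# ask for a username and password; they have no "blank" value.

# Apache 2.4 and later (mod_authz_core). Needs "AllowOverride AuthConfig".
<IfModule mod_authz_core.c>
    Require ip 203.0.113.10
</IfModule>

# Apache 2.2 and earlier. Needs "AllowOverride Limit".
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
</IfModule>
```

The address matched is that of the client making the request, so this fits the case where the other site's server fetches the files itself. A rule keyed on the Referer header is weaker, because that header is chosen by the client.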
     
