Mobile app version of vmapp.org
Login or Join
Ravi8258870

: Having hard time to hide directories on my site i'm trying to hide some directories on my site by returning 404 not found error codes instead of forbidden, the problem is that the files in

@Ravi8258870

Posted in: #Apache #Htaccess

i'm trying to hide some directories on my site by returning 404 not found error codes instead of forbidden, the problem is that the files in the directory becomes not available to php.

how can i hide the directories by returning 404 error codes for them without making them unavailable to me also?

i have seen this in apple.com and facebook.com.

this is the code i'm using in .htaccess:

Options All -Indexes
RedirectMatch 404 ^/classes(/?|/.*)$
RedirectMatch 404 ^/css(/?|/.*)$


if it's not possible how can i hide them without returning 403 because wans a hacker sees 403 he will go make some coffee sit infront of his laptop and won't leave my site without some data.

EDIT:
this where i'v seen it images.apple.com/global/styles/

i'm not saying i want to hide very important stuff....

the important stuff are outside the web root, what i'm saying is i want to hide directories like this directory for example.

/media/
in this directory there are more than 800 directories in each directory there are more than 500 mp3's, how can i send 404 for all those directories but still be able to reach them through php or javascript, is that possible? and if not is denying access to all of this folders is my only solution?

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Ravi8258870

1 Comments

Sorted by latest first Latest Oldest Best

 

@Murray432

"i have seen this in apple.com" Where exactly have you seen that? and how did you mentioned, if the directories are actually not available?

A folder for images or style sheets must be accessible by the client, otherwise no one can see your images, nor can the browser download the included style sheets. If you have files which are to be included only on the server-side (via PHP) put those files into directories below your web-/http-folder.

And why should any "hacker" be interested in viewing direcotries on your server, which are in the public web-folder? Did you read that somewhere? Just hiding anything does not add security.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme