Keep visitors out of server directories and redirect
The web application I use (Zenphoto) stores images in /albums and subfolders. Its backend needs r/w access to those folders and I need r/w access to the folders via FTP, but the frontend never looks into /albums.
Now I want to keep visitors from directly accessing /albums and all subalbums.
I did a lot of research and found that a .htaccess in /albums with deny from all would accomplish that. However, I would prefer a redirection to my 404 page. What I made from a similar use case is that I could do that in my root's .htaccess. I added:
RewriteRule ^albums/.* /404 [R,NC]
Because the similar use case was very different in terms of motivation, my questions are:
Is it an appropriate solution?
Does it really accomplish what I want or can it be circumvented?
The problem with redirecting on a 404 is that, depending on how the back-end functions, it may also receive a 404. For ultimate protection, your best:
chmod 744 or something on the folder
disable file listing
block folder in robots.txt
make a blank index.html
Use meta noindex, nofollow within the index.html for example protection.
Using the above, it's very unlikely they will guess the file names; it's not something bots really do. An additional measure could be using a passwd .htaccess-based authentication system, but this could be overkill. Remember, if they can't see the files they can't access them without knowing the file name, and if the file names are long it's just like GUESSING an extremely large password - it won't happen.
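An added example, not part of the original question or answer: a root .htaccess sketch that answers requests for /albums with a real 404 status instead of the redirect used in the question, and turns off directory listing as the answer suggests. It assumes Apache with mod_rewrite enabled and AllowOverride permitting these directives; the /404 error page path is the one from the question.

```apache
# Root .htaccess (added example; assumes mod_rewrite is loaded and
# AllowOverride includes FileInfo and Options for this directory).

# The answer's "disable file listing": no auto-generated directory indexes.
Options -Indexes

# Page served with 404 responses; /404 is the path used in the question.
ErrorDocument 404 /404

RewriteEngine On

# The question's rule, kept for comparison. [R] on its own issues a 302
# redirect to /404, so the client is told the resource moved, not that it
# does not exist. The pattern also misses a request for "/albums" itself.
# RewriteRule ^albums/.* /404 [R,NC]

# Answer /albums and everything below it with a 404 status directly.
# With a non-3xx code in R=, the substitution is dropped and rewriting stops.
# This only affects HTTP requests; filesystem and FTP access are untouched.
RewriteRule ^albums(/|$) - [R=404,NC,L]
```

To check the result, request /albums/ and a file beneath it and confirm the response status is 404 rather than 302.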