Question concerning listing and protecting directories

Is directory listing turned off by default for protection on the windows servers?

Does the web site displays the ?Directory listing denied? error. ?

Is index.htm or index.html the only default document allowed.?

How do I protect a directory from external viewing, accessing, stripping.?

greetings from Holland

Liam
 
Larneman said:
  1. Is directory listing turned off by default for protection on the windows servers?
  2. Does the web site displays the ?Directory listing denied? error. ?
  3. Is index.htm or index.html the only default document allowed.?
  4. How do I protect a directory from external viewing, accessing, stripping.?

  1. Disabled by default, you can enable it from the control panel. I wouldn't call "security by obscurity" real protection :)
  2. Yes. You can customize error pages in the control panel.
  3. The standard order on Windows is something like default.htm, default.html, default.asp, index.html, index.htm, but it's fully customizable.
  4. You can just create a directory one level higher than your webroot. That makes it accessible for FTP, but safe from any HTTP access. There's also .htaccess support for Windows.
 
Yes, it has been this way for some time, use webshell to protect the folders/files.

But, it is ONLY protection, not traditional apache directives.
 
Stephen said:
Yes, it has been this way for some time, use webshell to protect the folders/files.

But, it is ONLY protection, not traditional apache directives.

Any chance of a more detailed explaination on the use of this option or is there a FAQ or a help sheet.? Not all the people that host here are computer experts.

Liam
 
Like Stephen said, use Webshell4 (available from the control panel as File Manager) to protect directories. It will help you set up a password file for various logins that have access, etc.

The .htprotect file that is created is very basic:
Code:
AuthType	basic
AuthName	"Secured area"
AuthUserFile	d:/hshome/yourlogin/.htmaster/.ok_user
Require	valid-user

The only thing you likely want to change here is the value of the AuthName directive. This determines the text on the password prompt you'll receive when trying to access the directory.

As far as I know, there's no support for any other Apache directives. I couldn't confirm this as there is no extensive documentation I know of, but even a basic Apache "Deny from all" doesn't work :)
 
And for the second time, THANKS, :p SubSpace. That is an explaination that a simple soul like me can use and needs.

greetings from a cold wet Ymuiden,

Liam
 
Thanks Stephen, I googled for ".htaccess for windows" and I should have been looking for "htProtect".

Thanks for the great help, to both of you.

greetings from Hoogwoud,

Liam
 
Back
Top