Knowledge Archives
http://www.co-internet.net/net/articles/protectlistings.txt.html

Protecting Your Server From Unwanted Directory Listings
-------------------------------------------------------
by
Dirk Brockhausen
-------------------------------------------------------

When a requested URL points to a directory rather than
to a file, the server looks for one of its default
documents.

These are defined in the server's configuration file.

Let's look at a practical example. A visitor enters the
following URL in his or her web browser:

< http://yourdomain.com >

Depending on its configuration, the web server will
try to expand the URL to one of:

< http://yourdomain.com/index.html >
< http://yourdomain.com/index.htm >
< http://yourdomain.com/default.htm >
< http://yourdomain.com/home.htm >

If none of the default documents is found, the web
server will display the directory listing by default.

This, of course, inadvertently reveals the names of
documents, which your visitor can then download
directly, e.g.:

< http://yourdomain.com/private/private.html >


To protect against this unwanted display, a common
approach is to copy a default document into each
directory, e.g. "index.html".

The default document can be empty, even a file of 0
bytes will suffice.

Alternatively, the file can redirect the visitor via a
meta refresh, e.g. to your home page file "index.html"
in the main directory.


However, this protection measure is somewhat
cumbersome, especially so if you have a multitude of
directories to protect from snooping eyes.

A better method consists of configuring the web server
accordingly. Drawing on the Apache web server
configuration file "httpd.conf", we will now explain
how to set about this.

old
===

...
Options Indexes FollowSymLinks MultiViews

new
===

...
Options FollowSymLinks MultiViews

Simply delete the option "Indexes", and you've solved
the problem!


The .htaccess Method
--------------------
If your hosting setup gives you no access to the web
server configuration but does support ".htaccess"
files, the following entry in your ".htaccess" file
will do the job:

Options -Indexes

Or, if you have already defined other options, e.g.:

Options +Includes +ExecCGI -Indexes

This rule applies to the directory in which the
".htaccess" is located as well as all subdirectories
below.

In this manner, you can restrict directory display on
your virtual domain, even if the server wide
configuration permits it.

Conversely, this also allows you to enable directory
listing for specific directories, even if the
server wide configuration does not permit it.

This can be useful in the case of directories featuring
download files.

In this case, your ".htaccess" should have the
following entry:

Options +Indexes
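
The following Python audit is an added example, not
part of the original article: it walks a document root,
applies each ".htaccess" Options line as described
above, and reports the directories that would show a
listing because Indexes is in effect and no default
document exists. It assumes AllowOverride permits
Options, takes the four default document names used
earlier as the DirectoryIndex list, and ignores
<Directory> blocks in "httpd.conf"; the function names
and the sample tree are constructed for illustration.

```python
import os
import pathlib
import tempfile

DEFAULT_DOCS = ("index.html", "index.htm", "default.htm", "home.htm")  # assumed DirectoryIndex

def indexes_after(inherited, args):
    """Indexes state after one Options directive: signed args merge, unsigned replace."""
    names = [a.lower() for a in args]
    signed = [n[0] in "+-" for n in names]
    if any(signed) and not all(signed):
        raise ValueError("Options mixes signed and unsigned arguments: %r" % (args,))
    for n in reversed(names):  # the last mention of Indexes (or All) wins
        if n.lstrip("+-") in ("indexes", "all"):
            return not n.startswith("-")
    return inherited if all(signed) else False

def htaccess_options(path):
    """Yield the argument list of every Options line in one .htaccess file."""
    with open(path) as fh:
        for line in fh:
            parts = line.split()
            if parts and parts[0].lower() == "options":
                yield parts[1:]

def listable_dirs(docroot, server_indexes):
    """Relative paths Apache would auto-index: Indexes in effect, no default document."""
    exposed, state = [], {docroot: server_indexes}
    for cur, dirs, files in os.walk(docroot):
        on = state[cur]
        if ".htaccess" in files:
            for args in htaccess_options(os.path.join(cur, ".htaccess")):
                on = indexes_after(on, args)
        state.update((os.path.join(cur, d), on) for d in dirs)  # children inherit
        if on and not any(doc in files for doc in DEFAULT_DOCS):
            exposed.append(os.path.relpath(cur, docroot))
    return sorted(exposed)

def demo():
    """Audit a constructed sample tree with Indexes on, then off, server-wide."""
    sample = {"index.html": "", "private/private.html": "",
              "members/.htaccess": "Options -Indexes\n", "members/archive/old.html": "",
              "downloads/.htaccess": "Options +Indexes\n", "downloads/tool.zip": "",
              "cgi/.htaccess": "Options ExecCGI\n", "cgi/form.cgi": ""}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            target = pathlib.Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return listable_dirs(root, True), listable_dirs(root, False)
```

Calling demo() returns (['downloads', 'private'],
['downloads']): "private" is exposed only while the
server wide setting includes Indexes, while "downloads"
stays listed either way because of its own ".htaccess".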


To modify the order in which the files in a given
directory will be displayed, you can use the following
parameters.

In the example below the listing of the main directory
will be sorted:

< http://www.yourdomain.com/?N=A >
Ascending - Sort by file name (default)
< http://www.yourdomain.com/?M=A >
Ascending - Last modification date
< http://www.yourdomain.com/?S=A >
Ascending - Size
< http://www.yourdomain.com/?D=A >
Ascending - Description

< http://www.yourdomain.com/?N=D >
Descending - Sort by file name (default)
< http://www.yourdomain.com/?M=D >
Descending - Last modification date
< http://www.yourdomain.com/?S=D >
Descending - Size
< http://www.yourdomain.com/?D=D >
Descending - Description




This text may freely be republished or distributed in unmodified form provided the following resource box is included intact either at the beginning or the end of the article and a complimentary copy or notice (link) is sent to the author at the address specified below:

Ralph Tegtmeier is the co-founder and principal of fantomaster.com GmbH (Belgium), < http://fantomaster.com/ >, a company specializing in webmasters software development, industrial-strength cloaking and search engine positioning services.

He has been a web marketer since 1994 and is editor-in-chief of fantomNews, a free newsletter focusing on search engine optimization, available at: < http://fantomaster.com/fantomnews-sub.html > You can contact him at mailto:fneditor@fantomaster.com
(c) copyright 2002 by fantomaster.com
All rights reserved.
Downloaded at: < http://fantomaster.com/ >