Block access to subfolders in the URL (WordPress) from the 403 forbidden

1

I hope my question is clear:

I have already seen images uploaded by Amazon CloudFront that have their "differentiated" URL for images and blocks all subfolders of the path if the user tries to access. I explain.

URL displaying the image: dyqnik0vds4aw.cloudfront.net/uploads/blog/imagem/900/imagem.jpg

If we remove the image.jpg , for example, it displays the following message:

    This XML file does not appear to have any style information associated with it. The document tree is shown below.

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>0A1B7A4F06A544B7</RequestId>
<HostId>
HAvQCyWqXGr6xFPOA4IIZPWudC+TSxyBnjQyMitrHu5cQ9eBk6zbFrHWY82xvMVREzYbnWCtU5g=
</HostId>
</Error>

That is, if the user tries to access any other subfolder of the image path it is blocked.

However, I'm using WordPress to create a website, when an image is uploaded by default, it has the URL site.com/wp-content/uploads/2018/02/imagem.png . If the user exits /2018/02/imagem.png (in this case, accessing site.com/wp-content/uploads/ ) the INDEX OF page appears and you can access some folders, what you would like to avoid if possible.

Anyway, I wonder if I can block / hide the image path the way Amazon CloudFront blocks your links.

             ----------------------- *edited* -------------------------------

After a while playing with websites and seeing several things here in SOPT, in the opera summary, what I want is to create a 403 forbidden page which, in addition to blocking the WordPress folders, is a custom page.

I think it would only increase the response of @Almeida below.

    
asked by anonymous 24.03.2018 / 18:28

2 answers

1

Well in my case, I did this on my site but I do not use wordpress, but I advise you to create a file called .htaccess in the root folder of your server and create custom error pages like 404, 403 (access prohibited) between other, done these processes, you will open your htaccess file and will insert this:

###### Regras básicas de reescrita, parar desnecessários bot PERL, bloquear diretórios de subversão

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*/)?\.svn/ - [F,L]
ErrorDocument 403 "Acesso proibido"



###### PROTEGER ARQUIVOS E DIRETÓRIOS
<FilesMatch "(\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.html)? |xtmpl)|code-style\.pl|Entries.*|Repository|Root|Tag|Template)$">
Order allow,deny
</FilesMatch>


###### BLOQUEIO LISTAGEM DE DIRETÓRIOS

<IfModule mod_autoindex.c>
    Options -Indexes
</IfModule>
    
24.03.2018 / 19:36
1

@vulgogandini

Yes, this depends on the needs, I currently in a particular way I'm using in all subversion folders, that is the index of, so a simple command in your .htaccess file

Basic rewrite rules, stop unnecessary PERL bot, block subversion directories

COMMAND:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*/)?\.svn/ - [F,L]
ErrorDocument 403 "Acesso proibido"'

remembering that your server should be enabled ifModule mod_rewrite.c to work

result after putting the code in the file, this is: 403 forbiden this is because you are denying everyone access to all index of folders

see a site that I set up specially for this occasion as a template: link

In this case if I try to access the directory "assets" index of which is my folder inside my server, it returns me the access denied. see:

link

    
19.05.2018 / 22:27