Block directory listing in Apache

0

I'm developing a website where I have an administrative panel that is accessed only by those who have access. in the pages of the administrative panel, I made the validation that verifies that the user is logged in as admin to access the page. For example, if any other user attempts to access directly through the URLsname.com/administrative/users, they will be redirected to the homepage. However, if I just type in the address bar: nomedosite.com/administrativo, it brings me a listing of all the files I have in the folder. How to prohibit this, so that when accessing the folder that has the files the user is redirected, and not only when accessing the page?

    
asked by anonymous 16.04.2016 / 23:13

1 answer

3

First of all the fact that folders appear is not a problem with code php , your http server (maybe it's an apache) is with the Indexes parameter (if it's an apache) enabled which can be a security in many cases.

You have two options if you have access to the settings of your web server, remove the Indexes parameter where the directory of your web files is

Example:

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

Switch to:

<Directory /var/www/>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

Alternatively, you can put a .htaccess in the directory in question with the following line:

Options -Indexes

On the redirection you also have some options, you can create an index.html or index.php that simply redirects everyone that connects in your directory, another alternative is to use .htacess again, see several examples here

    
16.04.2016 / 23:36