Posted to users@httpd.apache.org by paul johnson <p_...@hotmail.co.uk> on 2005/10/13 22:52:49 UTC

[users@httpd] index/directories leave me vulnerable

I have set up a simple guestbook PHP script. The index.php contains the
admin password and this file is quite freely available if someone just went
to the guestbook/ directory and downloaded the file.

Is it possible to make it so people can't view directories/indexes on my
site? I've spent a good while looking for information relating to this but I
can't find any.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] index/directories leave me vulnerable

Posted by Joshua Kogut <jm...@gmail.com>.

Also, in your first <directory> "directive", turn off indexes; that should
stop the users from seeing an index. Again, as Josh has said, just make sure
that PHP is parsing the file, and that index.php is set to be a directory
index (like index.html).

On 10/13/05, Joshua Slive <js...@gmail.com> wrote:
>
> On 10/13/05, paul johnson <p_...@hotmail.co.uk> wrote:
> > I have set up a simple guestbook PHP script. The index.php contains the
> > admin password and this file is quite freely available if someone just went
> > to the guestbook/ directory and downloaded the file.
> >
> > Is it possible to make it so people can't view directories/indexes on my
> > site? I've spent a good while looking for information relating to this but I
> > can't find any.
>
> See:
> http://httpd.apache.org/docs/1.3/misc/FAQ.html#indexes
>
> But I think you have a deeper problem. Why is guestbook.php
> downloadable? It should be processed by PHP so that the source code
> should not be available for download. Check your PHP config.
>
> Joshua.


--
|| jmkogut ||
email: jmkogut@gmail.com
|| Networking: Where all your problems are category 5. ||

Re: [users@httpd] index/directories leave me vulnerable

Posted by Joshua Slive <js...@gmail.com>.
On 10/13/05, paul johnson <p_...@hotmail.co.uk> wrote:
> I have set up a simple guestbook PHP script. The index.php contains the
> admin password and this file is quite freely available if someone just went
> to the guestbook/ directory and downloaded the file.
>
> Is it possible to make it so people can't view directories/indexes on my
> site? I've spent a good while looking for information relating to this but I
> can't find any.

See:
http://httpd.apache.org/docs/1.3/misc/FAQ.html#indexes

But I think you have a deeper problem. Why is guestbook.php
downloadable? It should be processed by PHP so that the source code
should not be available for download. Check your PHP config.

Joshua.
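
Added example, not part of the original thread or of the Apache project's code: a small Python audit of an httpd configuration for the three points raised in the replies (Indexes turned off, index.php listed as a directory index, .php mapped to PHP so the source is not served as a download). The two sample configurations and the /var/www/html path are constructed, and the check assumes a mod_php-style AddType/AddHandler mapping.

```python
import re

# Constructed sample configs (not from the thread). WEAK has the three problems
# the replies name; FIXED applies their advice. Paths are placeholders.
WEAK_CONF = """
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
DirectoryIndex index.html
"""
FIXED_CONF = """
<Directory "/var/www/html">
    Options -Indexes +FollowSymLinks
</Directory>
DirectoryIndex index.php index.html
AddType application/x-httpd-php .php
"""

def audit(conf):
    """Return sorted findings. Only explicit directives are read; inherited
    or built-in default Options are not resolved."""
    findings, index_files, php_mapped = set(), [], False
    section = "server config"
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            section = opened.group(1)
        elif line.lower() == "</directory>":
            section = "server config"
        else:
            name, *args = line.lower().split()
            if name == "options" and {"indexes", "+indexes", "all"} & set(args):
                findings.add(f"directory listing enabled in {section}")
            elif name == "directoryindex":
                index_files += args
            elif name in ("addtype", "addhandler") and len(args) > 1:
                # mod_php-style mapping, e.g. AddType application/x-httpd-php .php
                if "php" in args[0] and "php" in [a.lstrip(".") for a in args[1:]]:
                    php_mapped = True
    if "index.php" not in index_files:
        findings.add("index.php is not listed in DirectoryIndex")
    if not php_mapped:
        findings.add("no AddType/AddHandler maps .php to the PHP module")
    return sorted(findings)

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(label, audit(conf))
```

Whatever the server configuration, keeping the admin password out of a file under the document root limits the damage if PHP parsing ever stops working.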
