News:

The "Support Requests" forum is now viewable by guests.

Main Menu

Preventing people to see the content of a directory

Started by Dondavid, February 04, 2007, 06:41:19 PM

Previous topic - Next topic

Dondavid

Hi,

I am looking for a way to prevent user from seeing the content of my website directory. I guess I might put a .htaccess with that line in it:
Options -Indexes
but it doesn't work because all I get is a Server Internal Error and I don't understand why.

I know it would be easier to put a index.html file in each directory, but I'd prefer solve this problem.

Can anyone help me please?

brainiac744

You can't use options directives in htaccess files on this server, that's why you're getting a 500 error. You can turn off directory listing in the options panel after you've logged in :)

Dondavid

OK thanks, and do you know what is the option 'multiviews' ?

brainiac744

I think that allows you to not use extensions on files, like using the url http://www.domain.com/about, to access about.htm, but I'm not 100% sure about that.

bonehead

Go to your freepgs user options panel > goto set scripting options > general settings "toward bottom" > set Dir Indexes & MultiViews to disabled.

Dans34

Multiviews

MultiViews is a per-directory option, meaning it can be set with an Options directive within a <Directory>, <Location> or <Files> section in access.conf, or (if AllowOverride is properly set) in .htaccess files. Note that Options All does not set MultiViews; you have to ask for it by name.

The effect of MultiViews is as follows: if the server receives a request for /some/dir/foo, if /some/dir has MultiViews enabled, and /some/dir/foo does not exist, then the server reads the directory looking for files named foo.*, and effectively fakes up a type map which names all those files, assigning them the same media types and content-encodings it would have if the client had asked for one of them by name. It then chooses the best match to the client's requirements.

MultiViews may also apply to searches for the file named by the DirectoryIndex directive, if the server is trying to index a directory. If the configuration files specify

  DirectoryIndex index

then the server will arbitrate between index.html and index.html3 if both are present. If neither are present, and index.cgi is there, the server will run it.

If one of the files found when reading the directive is a CGI script, it's not obvious what should happen. The code gives that case special treatment --- if the request was a POST, or a GET with QUERY_ARGS or PATH_INFO, the script is given an extremely high quality rating, and generally invoked; otherwise it is given an extremely low quality rating, which generally causes one of the other views (if any) to be retrieved.