Using WAMP server (apache), if I put http://localhost:8080/website/img/ in the
browser address bar and there is no index.html file in there I get an automated list of the linked (image) files in that directory:
Index of /website/img/
Parent Directory
IMG1.jpg
IMG2.jpg
IMG3.jpg
This is using the default install of WAMP.
When I try the same thing on a remote site I have (hosted on GoDaddy w. Linux) I get a 404 (Page Not Found) Error, as you would expect I guess.
Is someone able to point me towards the way I can replicate the effect I get on my local machine on the remote site so the user is shown a similar crude list of images (or whatever) rather than a 404 error?
Thanks in advance.
it's because godaddy protect your folders by adding a .htaccess file inside them,if this file exists in your folder of img delete it and it will display the same thing as in localhost.
Preventing Directory Listing
Do you have a directory full of images or zips that you do not want people to be able to browse through? Typically a server is setup to prevent directory listing, but sometimes they are not. If not, become self-sufficient and fix it yourself:
IndexIgnore *
The * is a wildcard that matches all files, so if you stick that line into an htaccess file in your images directory, nothing in that directory will be allowed to be listed.
On the other hand, what if you did want the directory contents to be listed, but only if they were HTML pages and not images? Simple says I:
IndexIgnore *.gif *.jpg
This would return a list of all files not ending in .jpg or .gif, but would still list .txt, .html, etc.
And conversely, if your server is setup to prevent directory listing, but you want to list the directories by default, you could simply throw this into an htaccess file the directory you want displayed:
Options +Indexes
If you do use this option, be very careful that you do not put any unintentional or compromising files in this directory. And if you guessed it by the plus sign before Indexes, you can throw in a minus sign (Options -Indexes) to prevent directory listing entirely--this is typical of most server setups and is usually configured elsewhere in the apache server, but can be overridden through htaccess.
If you really want to be tricky, using the +Indexes option, you can include a default description for the directory listing that is displayed when you use it by placing a file called HEADER in the same directory. The contents of this file will be printed out before the list of directory contents is listed. You can also specify a footer, though it is called README, by placing it in the same directory as the HEADER. The README file is printed out after the directory listing is printed.
Read this :http://www.javascriptkit.com/howto/htaccess11.shtml
Make a text file on your computer called "htaccess.txt"
Add this one line to it:
Options +Indexes
Save the file then upload to the folder you want to see the files in.
Once it is uploaded, rename the file to ".htaccess".
You will now be able to view all the files in that folder.
Be careful what you put in that folder!
Related
I have written an application in CakePHP 3.x and there is a form to upload files.
At present, files are being uploaded to WWW_ROOT.'files' which is /app/webroot/files/ path.
To store files separately from core application, I created a subdomain cdn.example.com whose path is like /home/user/example.com/cdn.example.com/.
since, uploading files requires absolute path, how can I get absolute path of the subdomain cdn.example.com same as $_SERVER['DOCUMENT_ROOT']; from example.com?
First check if your server allow to write files from main domain to subdomain.
You can't get the absolute path of a different domain of the one you deployed your application, you should store the path in a variable or in constant.
If you really need to store files in another domain/subdomain and any path is blocked you should consider to reupload the files via FTP script.
I found an article on using external config files here. While I was able to extract my config settings, I was unable to put them in a central location.
When i tried to do something like this:
<connectionStrings configSource="C:/dev/Configs/ConnectionStrings.config" />
It causes a type initializer exception. If i put the file in a folder under the bin directory, it's ok. Problem is, I want to keep the config files central to all apps so i can reuse it in a lot of places.
Is it just not doable?
I ended up using Symbolic Links. I created a subfolder under each app that symlinked back to the master config folder. All apps share the same Connection Strings now.
I want to protect some files in my server from download but my site needs to have access in them. I want to protect some subtitles files, which are needed to be accessed by site, but I don't want anybody to download them. The site is hosted.
For example some sites use some strange strings that are connected with user, video and IP. Can be used something like this for my case.
http://www11.some-site.com:182/d/qygiatnqvsulzrqmk7n6nbhddbcscvyguy4auc3fn4nvf23jp64tjcpa/File-needed.mp4?start=0
If you are using Apache, You have to use rewrite rules in your .htaccess file. IF you are using other HTTP Server brand, you should use almost the same logic that I will show here, so check your HTTP server manual in that case.
Explain:
When you type www.me.com/index.php the PHP system puts the content generated by the echo commands you use inside your code.
When you type www.me.com/myfiles/iou345yo13i2u4ybo34ybu3/passwords.txt your server will put the file contents to the client browser, which will ask you to download it as a file or show as a page, depending of the file extension.
Now, if you do something like this in your .htaccess file:
RewriteEngine On
RewriteRule ^myfiles/([^/]*)^.pdf$ /index.php?file=$1& [L]
# avoit direct access to your server directories file listing
Options All -Indexes
You will type www.me.com/myfiles/file123.pdf but the server will execute index.php with the file name as content of the "file" parameter, and there in the code, you will be able to check the session to see if the user has the authorization to download this file.
If the user has the authorization, you then use the readfile() function to send the file to the user and he will not recognize where it came from (I mean the real path).
Look on how to do this here:
PHP - send file to user
Change to 644 permissions in your content.
I want to restrict access to a file or files using .htaccess file. Basically, no one should be able to download file(s) using direct link to the file. However, the file should be accessible from my website.
For instance, say I have a file called Presentation.ppt. I want the visitor to have access to it through my website, but if they try to download it or access it using direct link then the server should reject the request.
Is it possible to do that using .htaccess?
Thank you in advance,
You can deny access to the directory for every IPA but the server's:
<Directory /dir/of/presentation>
Order Allow,Deny
Allow from 127.0.0.1
Deny from All
</Directory>
That wonk work, as you pointed out.
How about using Mod Rewrite with a rule that maps /dir/of/presentation/* to a forbidden page. That way a direct link won't work. A request for http://site/content/presentation.ppt
could get redirected to http://site/forbidden.html
Internally, you could make a link to http://authorizedRequest/presentation.ppt map to http://site/content/presentation.ppt
It's just security through obscurity. It wouldn't prevent anyone from typing your "secret" URI into their browser directly.
For instance, say I have a file called Presentation.ppt. I want the visitor to have access to it through my website, but if they try to download it or access it using direct link then the server should reject the request.
Is it possible to do that using .htaccess?
It's possible but there's ways to get around it. You need to check against the referer sent by the browser, but anyone can spoof that and sometimes a browser may choose to not even include a referer.
If you are trying to protect the file Presentation.ppt, put these rules in the htaccess file in your document root:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^(https?://)?your_website.com
RewriteRule ^/?path/to/Presentation.ppt - [L,F]
If you want to protect a folder /path/images/ then:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^(https?://)?your_website.com
RewriteRule ^/?path/images - [L,F]
Thank you all for your answers. I have tried all of your suggestions, but I still couldn't get it working. However, I did come up with a solution that does work.
Step 1: Disable or turn off Option Indexes on your web server by removing the word indexes leaving everything else the same. In some instances, you may be able to do this using .htaccess file. If you are unable to do this with .htaccess, then you will have to look for httpd.conf file in your server. It is usually located at etc/apache/httpd.conf or etc/httpd/conf/httpd.conf. Once you find it, turn this option off in there.
Step 2: Create a folder within your webpage folder and call it whatever you want but make sure it is not easily guessable or that it is obvious (i.e. Joe33CompanyOCT2MeBoss). Then, move the files you want to hide or protect from your visitor into this folder.
Step 3: Within robot.txt file, disallow all bots or crawlers from indexing your folder or the files within this folder by entering, "Disallow yourfoldername."
Step 4: Then you will have to create a PHP file using a similar code below. The code below will force download.
$File1 = 'http://yourwebsite.com/Joe33CompanyOCT2MeBoss/Presentation.ppt';
header("Content-Disposition: attachment; filename=\"".basename($File1)."\"");
header("Content-Type: application/force-download");
ob_end_clean();
flush();
readfile($File1);
exit;
This way direct path to the file is hidden from your visitor and even though they can download the file directly they simply don't know the actual URL to the file, because force download php code doesn't reveal the actual path to the file. So, now my visitors to my website has to go through my webpage for downloading this file instead of directly.
Following stackoverflow questions have been very instrumental in helping me solve my programming issues. Thanks,
How to Automatically Start a Download in PHP?
php file force download
The easiest (though not bulletproof) is to redirect the user agent when the HTTP_REFERER is not correct. This can be done using mod_rewrite in the server configuration or (second choice) inside a .htaccess like file. It helps against simply hotlinking (links referencing your file by url).
You should read the fine documentation of moapaches d_rewrite.
I'm thinking about moving one of my clients mysql db to Rackspace could databases. Application is using Cakephp.. I would like to know if someone has experience doing so or will this work just by editing host/user/pass in the database.php file?
I havn't done so but Rackspace has a tutorial about doing so :
http://www.rackspace.com/knowledge_center/article/installing-cakephp-on-cloud-sites
It seems pretty simple, so you should not have any problems
Steps for cake
Locate the .htaccess file in the content directory. After "RewriteEngine on", add a new line with "RewriteBase /" to the .htaccess file and save the file back to the site. You will need to repeat this step for the rewrite rules in the .htaccess files in the app and app/webroot directories.
Load the site in your browser. You will notice several warnings concerning the installation. The first warning will be the following: Notice (1024): Please change the value of Security.salt in app/config/core.php to a salt value specific to your application [CORE/cake/libs/debugger.php, line 556].
Open app/config/core.php file and search for Security.salt. Change its value to whatever characters or string you would like, then save and close the file.
In the app/config/directory in FTP, rename the database.php.default file to be database.php.
Open app/config/database.php and scroll down to the bottom of the page to find the database connection information. Enter your database host name, user name, password and hostname, then save and close the file.
Reload your site in your browser.