[Apache] Forbidden Directory

[Innovati0n]

No doubt that this is going to be a stupid question but it's been bugging me so I will ask.

I have a directory on my server called /images and I want the images in that folder to be hidden with a Forbidden page that also says You don't have permission to access /images on this server.

:blush:

 

[s-p-n]

Re: Forbidden

Create a file called ".htaccess" with the contents "deny from all"

 

[spikensbror]

Re: Forbidden

You gould just make a empty index.html and put it in your images folder.

 

[jMerliN]

Re: Forbidden

Create a file called ".htaccess" with the contents "deny from all"

That's assuming he has htaccess files enabled and that he's using apache.

 

[s-p-n]

Re: Forbidden

You gould just make a empty index.html and put it in your images folder.

That won't stop anyone from seeing the images in that directory.

Merlin is right. As in, the '.htaccess' file will only work on Apache servers, and if you have permission to use .htaccess...... If you have any kind of paid host, pretty much, you can most-likely do this..

I sort of assume that after working with PHP developers so often, recently..

 

[Hidden]

Re: Forbidden

That won't stop anyone from seeing the images in that directory.

Merlin is right. As in, the '.htaccess' file will only work on Apache servers, and if you have permission to use .htaccess...... If you have any kind of paid host, pretty much, you can most-likely do this..

I sort of assume that after working with PHP developers so often, recently..

Doesn't that deny from all including himself?
I think he just wants the contents hidden, not to deny access from the images themselves.
If so, just make index.htm and upload it, this will not allow anyone to see the contents of the folder, but if they know the url then they can view the image.

 

[jMerliN]

Re: Forbidden

Assuming apache, you can use Options to disable Indexes, and if it's on linux, removing the execute flag on the folder for the user/group/owner (whatever the www user you have is) will prevent the web server from being able to produce a list of files.

You must be registered to see links

 

[s-p-n]

Re: Forbidden

You'll probably be able to secure how Merlin said with an FTP client You might be able to do it that way even if you can't use .htaccess.

However, the way I mentioned is the only way I know of to get exactly what you're asking.

To my understanding, the OP wants a 403 error message on all files in the 'images/' directory when accessed by a client/browser, including the directory itself.

No doubt that this is going to be a stupid question but it's been bugging me so I will ask.

I have a directory on my server called /images and I want the images in that folder to be hidden with a Forbidden page that also says You don't have permission to access /images on this server.

:blush:

He can still get to the images through FTP, host, server-side code (such as PHP), etc. When a client/browser sends a request for anything in that directory, the server returns a 403 (permission error) instead of the requested.. image, in this case.


What that permission error says, could rely on the host, a default value, or a custom error page (which can be done quite simply in .htaccess as well)

 

[holthelper]

Re: Forbidden

your talking about hot-linking and the .htaccess file can achieve that.

take a look into this site:

You must be registered to see links

.

just googled it, check and save google as a favorite because it will become your best friend.

 

[s-p-n]

Re: Forbidden

The keyword "Forbidden", is a 403 HTTP error,

The 403 Forbidden HTTP status code indicates that the client was able to communicate with the server, but the server will not let the client access what was requested.

This response is returned by the Apache web server when directory listings have been disabled. Microsoft IIS responds in the same way when directory listings are denied. This response may also be returned by the server if the client issued a WebDAV PROPFIND request but did not also issue the required Depth header, or issued a Depth header of infinity[1].

I figure the above is what the OP wants to do with the images directory.

Though trying to prevent Hotlinking (which might be ideal to prevent other web-sites from eating up bandwidth via image requests), might be more specific to the problem. However, it won't protect the images from the client/browser, and can still be downloaded/viewed. If the OP doesn't mind that, (and/or if securing the directory ruins the site's appearance) then preventing "Hotlinking" is a better solution.

If you want the browser to say "Forbidden" when a client requests the directory, but still want the images to work, you can, (as stated above) create an index file that says whatever you want.. (Like "Forbidden"

There, all the solutions you could ever want.

 

[Innovati0n]

Re: Forbidden

Thanks for all of the help, but it's not what I was looking for. I want the folder to be forbidden to see what is in it, but the image can be linked with my css to make the layout.

Oh and yes, I'm using Apache/2.2.11.

 

[iCloud]

Re: Forbidden

Well, I think the only way is to use a fake index page.

 

[s-p-n]

Re: Forbidden

Thanks for all of the help, but it's not what I was looking for. I want the folder to be forbidden to see what is in it, but the image can be linked with my css to make the layout.

Oh and yes, I'm using Apache/2.2.11.

Unfortunately, if you deny access to all the images, it will break the images in your stylesheet. It's kind of a one-way street. There may be a work-around though- Do you mind me asking why (for what purpose) do you request to secure the images directory?

If there's some images you want to keep secure, and others you want public, consider making a new directory for the secure ones, and putting the .htaccess file to deny access to those files. You can use PHP to dynamically copy and display the secure images, though it takes a significant amount of time, so it's not recommended for common tasks.

You can use an index file to prevent the automatic file-browser some hosts provide for default directories from coming up.

If you want to prevent people from stealing your images, there's no way to let them view the image. (The way a browser works, is before you see it, the file must be downloaded). Since everything you see through a client is on your computer at that point, if you want them to see the images, they must have the right to download them. Just the way it goes with computers, unfortunately. :closedeyes:

Perhaps you just need to be a little clever with the technology we do have? :

Again, why (for what purpose) do you request to secure the images directory?

 

[bone-you]

Re: Forbidden

As has been said multiple times, what you want to do is stick a blank index.html in there and you'll be good. Using a PHP script to load images and output them puts unnecessary load on the server for just viewing an image.

 

[Superfun]

Re: Forbidden

How about

Options -Indexes

 

[jMerliN]

Re: Forbidden

How about

Options -Indexes

Assuming apache, you can use Options to disable Indexes, and if it's on linux, removing the execute flag on the folder for the user/group/owner (whatever the www user you have is) will prevent the web server from being able to produce a list of files.

You must be registered to see links

>.>

5chars