Directory Browsing

[theDOG]

I'm a reseller, new to WHM/CPanel. When my domains started coming online, i started getting emails from clients complaining that the whole world can just go browsing around their directories.

Is this default behavior for WHM/Cpanel servers? Is there something i can change, or ask my provider to change?

My clients are justifiably outraged, (one had a forum full of jerks having a party with her image directory), i'm also outraged, but i'm looking all over the web and don't see any other outrage, so i'm wondering if i should have expected it. I didn't expect it because none my servers ever did this before.

I tried the Web Protect feature in CPanel, but that resulted in requests for passwords for ALL files in protected directories. I don't want to make custom .htaccess for every single dir on every single account. So i threw some dummy 403 index.html pages in everyone's directories, but it just doesnt seem like that should be necessary.

Thanks for any advice.

 

[taivu]

[quote:485299c316][i:485299c316]Originally posted by theDOG[/i:485299c316]I don't want to make custom .htaccess for every single dir on every single account. So i threw some dummy 403 index.html pages in everyone's directories, but it just doesnt seem like that should be necessary.[/quote:485299c316]

You only need one .htaccess file per user, place it in the webroot directory (public_html) with the line &Options -Indexes& in it. This will disable directory browsing in the webroot directory plus all subdirectories (=whole site). If directory browsing needs to be enabled for a subdirectory, place .htaccess file with &Options Indexes& in it to the directory in question.

Create identical .htaccess file in your cpanel3-skel/public_html directory so it will get added automagically to all new accounts you create.

 

[theDOG]

VERY HAPPY COOL!

Thank You.

er... do i just make the .htaccess file like that? I mean that's all it needs to say?

 

[dgbaker]

Yep! Also if you want this to be the norm all of the time put the .htaccess in /home and that's all.

 

[net3media]

Wouldn't the above solutions break the ability to use the cpanel to add/remove directory browsing?

I'm sure you are aware that this is an option available to the client with their cPanel pages.

 

[dgbaker]

And this thread was before that was available. Read the dates.

 

[Biotron2000]

-bump-

Yep! Also if you want this to be the norm all of the time put the .htaccess in /home and that's all.

Thanks, this tip was very helpful. I tested it and discovered not only does it work, but you don't need to restart Apache to activate it.

Patrick McNeal