The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Directory Browsing

Discussion in 'General Discussion' started by theDOG, Jan 18, 2003.

  1. theDOG

    theDOG Member

    Joined:
    Jan 18, 2003
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    I'm a reseller, new to WHM/CPanel. When my domains started coming online, i started getting emails from clients complaining that the whole world can just go browsing around their directories.

    Is this default behavior for WHM/Cpanel servers? Is there something i can change, or ask my provider to change?

    My clients are justifiably outraged, (one had a forum full of jerks having a party with her image directory), i'm also outraged, but i'm looking all over the web and don't see any other outrage, so i'm wondering if i should have expected it. I didn't expect it because none my servers ever did this before.

    I tried the Web Protect feature in CPanel, but that resulted in requests for passwords for ALL files in protected directories. I don't want to make custom .htaccess for every single dir on every single account. So i threw some dummy 403 index.html pages in everyone's directories, but it just doesnt seem like that should be necessary.

    Thanks for any advice.
     
  2. taivu

    taivu Well-Known Member

    Joined:
    Nov 22, 2001
    Messages:
    65
    Likes Received:
    0
    Trophy Points:
    6
    [quote:485299c316][i:485299c316]Originally posted by theDOG[/i:485299c316]I don't want to make custom .htaccess for every single dir on every single account. So i threw some dummy 403 index.html pages in everyone's directories, but it just doesnt seem like that should be necessary.[/quote:485299c316]

    You only need one .htaccess file per user, place it in the webroot directory (public_html) with the line &Options -Indexes& in it. This will disable directory browsing in the webroot directory plus all subdirectories (=whole site). If directory browsing needs to be enabled for a subdirectory, place .htaccess file with &Options Indexes& in it to the directory in question.

    Create identical .htaccess file in your cpanel3-skel/public_html directory so it will get added automagically to all new accounts you create.
     
  3. theDOG

    theDOG Member

    Joined:
    Jan 18, 2003
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    VERY HAPPY COOL!

    Thank You.

    er... do i just make the .htaccess file like that? I mean that's all it needs to say?
     
  4. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    Yep! Also if you want this to be the norm all of the time put the .htaccess in /home and that's all.
     
  5. net3media

    net3media Member

    Joined:
    Mar 4, 2003
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Wouldn't the above solutions break the ability to use the cpanel to add/remove directory browsing?

    I'm sure you are aware that this is an option available to the client with their cPanel pages.
     
  6. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    And this thread was before that was available. Read the dates.
     
  7. Biotron2000

    Biotron2000 Active Member

    Joined:
    Jul 20, 2004
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    -bump-

    Thanks, this tip was very helpful. I tested it and discovered not only does it work, but you don't need to restart Apache to activate it.

    Patrick McNeal
     
Loading...

Share This Page