Topic: Prevent browsing of ../upload directory

Charles

Prevent browsing of ../upload directory
« on: January 27, 2011, 10:42:58 am »
While exploring how File Storage = File System and observing the content of the directory http://www.example.com/directory_of_FO/upload I realized that an index.php or index.html (or other mechanisms available) didn't exist to prevent browsing to that folder.

Since emails appear to be stored in the contents of ../upload/ and could be read by other savvy employees, and since unintended directory browsing is just bad form IMHO, I offer the following to those who may have similar concerns:

Use an editor to create the following code snippet in a file you call index.php in any otherwise unprotected directory:

Code:
<?PHP header("Location: http://www.example.com/yourFOdirectory/"); exit ?>
Now, when someone points their browser to http://www.example.com/yourFOdirectory/upload they will simply be redirected back to the root of the FO directory.

Cheers.

asylumtheory

Re: Prevent browsing of ../upload directory
« Reply #1 on: January 31, 2011, 05:45:53 pm »
You can also create a .htaccess file in the upload directory and put in

Code:
Options -Indexes
You should now get a forbidden error if you try to access the address of your upload directory via a web browser.
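
Added example, not part of either post or of the project's code: a small audit that walks a web root on disk and reports which directories are covered by an index file, which by an `Options -Indexes` setting in an .htaccess, and which would still be listable. It shows the practical difference between the two approaches in this thread: an index file covers only the directory it sits in, while the .htaccess setting also applies to subdirectories. Assumptions: the server treats `index.php` and `index.html` as index files, the main server config permits .htaccess to set `Options`, and listing is on by default (`server_default=True`); the function names are hypothetical.

```python
import os
import re
import tempfile

# Assumption: the server's DirectoryIndex includes these names.
INDEX_NAMES = {"index.php", "index.html"}
OPTIONS_RE = re.compile(r"^\s*Options\s+(.+)$", re.IGNORECASE)

def htaccess_indexes(path):
    """True/False if this .htaccess sets Indexes on/off, None if it is silent."""
    if not os.path.isfile(path):
        return None
    state = None
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = OPTIONS_RE.match(line)
            if not m:
                continue
            toks = m.group(1).lower().split()
            if any(t[0] in "+-" for t in toks):  # relative form
                if "-indexes" in toks:
                    state = False
                if "+indexes" in toks:
                    state = True
            else:  # absolute list replaces whatever was set before
                state = "indexes" in toks or "all" in toks
    return state

def audit(root, server_default=True):
    """Map each directory under root to 'index file', 'htaccess' or 'LISTABLE'."""
    root = os.path.abspath(root)
    effective, report = {}, {}
    for dirpath, dirnames, filenames in os.walk(root):
        # .htaccess settings flow down to subdirectories; index files do not.
        state = effective.get(os.path.dirname(dirpath), server_default)
        own = htaccess_indexes(os.path.join(dirpath, ".htaccess"))
        effective[dirpath] = state = own if own is not None else state
        if INDEX_NAMES & set(filenames):
            verdict = "index file"
        else:
            verdict = "LISTABLE" if state else "htaccess"
        report[os.path.relpath(dirpath, root)] = verdict
    return report

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as web:  # constructed sample tree
        os.makedirs(os.path.join(web, "upload", "attachments"))
        open(os.path.join(web, "upload", "index.php"), "w").close()
        for d, v in sorted(audit(web).items()):
            print(f"{v:10}  {d}")
```

Neither verdict other than `LISTABLE` says anything about direct requests for a file whose URL is known; both measures only stop the directory listing.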