« previous next »
Pages: [1]

Author Topic: security issue  (Read 3000 times)

r2gnl

  • Newbie
  • *
  • Posts: 6
    • View Profile
security issue
« on: April 01, 2009, 01:19:05 pm »
I've just installed version 1.3.1 and to my surprise without logging into the system, I can browse through all foilders? Their seems not to be any .htaccess blocking this access. Nor any other way to block listing of folder from the installation.

I'm used to work with a cms like joomla which has for example htaccess and a blanc index.html file, I've found (and also posted) an old topic regarding the same but then only for ../upload (see: http://forums.opengoo.org/index.php?topic=859.0 )
Is their something I've missed setting up opengoo?

Regards, Remco
Logged

r2gnl

  • Newbie
  • *
  • Posts: 6
    • View Profile
Re: security issue
« Reply #1 on: April 01, 2009, 04:52:19 pm »
 ;D just to let any other newbee know what to do, look at the .htaccess file in de root of opengoo. And expend it to the following lines:
Code: [Select]
AddDefaultCharset utf-8
Options -Indexes
IndexIgnore */*
That way the folder listing gives an error 403 and a searchbot get to ignore indexing your folder.

More info on htacces (not rtfm on apache  ;) ) see: http://www.pixeline.be/blog/2006/beginners-guide-to-htaccess-file/

Regards, Remco

Logged
Pages: [1]
« previous next »