  1. #1
    Join Date
    Oct 2006
    Location
    slavia
    Posts
    42

    Question [security] is it safe just by putting index.php / index.html

    Dear All,
    In order to prevent anyone from browsing my 'www' directory (document root), I have put a file index.php there which contains this code:
    Code:
    <h1>Sorry You cannot browse this directory</h1>
    The thing that I want to ask is: is there any way to break through this that can let a visitor see the listing of my directory?
    If yes, would anyone please let me know, and how to counter it...

    (without modifying apache configuration of course)

    Thanks in advance

    Regards,


    szpilman

  2. #2
    Join Date
    May 2002
    Posts
    10,943

    Re: [security] is it safe just by putting index.php / index.html

    As long as an index file exists, there is no way to directory list.
    If the post was helpful...Rate it! Remember to use [code] or [php] tags.

  3. #3
    Join Date
    Oct 2006
    Location
    slavia
    Posts
    42

    Re: [security] is it safe just by putting index.php / index.html

    Thanks peejavery,
    but could you give me more explanation on this?
    Maybe a document or link...

  4. #4
    Join Date
    May 2005
    Location
    Oradea, Romania
    Posts
    190

    Re: [security] is it safe just by putting index.php / index.html

    Quote Originally Posted by peejavery
    As long as an index file exists, there is no way to directory list.
    I don't know if it is necessarily true. As long as there is an index file you cannot browse the directory with a browser! I think it's possible to write a program (for instance in Visual C using InternetFindNextFile()) to browse a directory.
    Now, if anyone tried to browse your directory they'd get that "<h1>Sorry You cannot browse this directory</h1>" message, so they'll know there's something there and might be determined to find out what it is through the above-mentioned way. What I would do is replace the message with a standard page unavailable message, or better, redirect to the error 400 page. Hope this makes sense!

  5. #5
    Join Date
    May 2002
    Posts
    10,943

    Re: [security] is it safe just by putting index.php / index.html

    Well, you can write a flood program using a dictionary but that can't be stopped. But the likelihood is small.
    If the post was helpful...Rate it! Remember to use [code] or [php] tags.
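
An index file only stands in for the directory it sits in, so the setup discussed in this thread is worth auditing across the whole document root. The following is an added example, not code from any poster in the thread: it walks a document root and reports every directory that has no index file of its own. The index file names, the function names and the sample directory layout are assumptions made for illustration; whether a listing is actually served for such a directory still depends on the server's configuration.

```python
import os
import tempfile

# Assumption: the names the server treats as index files. Apache's
# DirectoryIndex setting decides this; adjust the tuple to match the host.
INDEX_NAMES = ("index.php", "index.html")


def dirs_without_index(docroot, index_names=INDEX_NAMES):
    """Return sorted docroot-relative paths of directories lacking an index file."""
    missing = []
    for current, _subdirs, files in os.walk(docroot):
        # Exact, case-sensitive match: on a case-sensitive filesystem
        # "Index.PHP" is not the same file as "index.php".
        if not any(name in files for name in index_names):
            rel = os.path.relpath(current, docroot)
            missing.append(rel.replace(os.sep, "/"))
    return sorted(missing)


def build_sample_tree(root):
    """Constructed sample layout: the thread's index.php in the root only."""
    layout = {
        "index.php": "<h1>Sorry You cannot browse this directory</h1>",
        "images/logo.png": "",
        "includes/config.php": "<?php // constructed sample ?>",
        "uploads/index.html": "",
        "uploads/2006/report.pdf": "",
    }
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)


def audit_sample():
    """Build the constructed tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return dirs_without_index(root)


if __name__ == "__main__":
    for d in audit_sample():
        print("no index file:", d)
```

To audit a real site, call `dirs_without_index()` with the path of the document root and place an index file in each directory it reports.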
