OK, I know I should know this and I know it's there's an easy solution... What do I need to do to prevent people from getting a list of all of my files when they go to subdirectory on my site (i.e., images.) Do I need to set the directory permissions differently? If so, what? (My webhost uses Linux servers.) Or do I need to put an "index.htm" file in each directory (even if it only contains images) to redirect to the home page? Or what?

My brain is a little fried at the moment and I'm not thinking too clearly. :(

Thanks, Jeanie

Put a blank index.html file in the directory.

Thanks Doug. I knew it was something simple like that!

Jeanie

The best is to get your Web host to set the preferences for Apache to not allow browsing of the directories.

Al, is that with the .htaccess file?

Jeanie

Hi Jeanie - I've been trying to figure this out too and read up on the .htaccess stuff but I thought it should be easier than that.

I was just in my ftp program deleting some files from the server and when I right click on a folder or file, I noticed a "set permissions" option. Selected that and I got a dialog where I can set permissions and it works.

I have stuff on two different servers and it worked on both of them.

Hope this helps, Margaret

Margaret,

Did you set the directory permissions to rwxr--r--? If not, what?

Thanks,
Jeanie

Sorry Jeanie - that doesn't work after all. I could set the permissions so that nobody could see the images folder but then the images wouldn't display in the html page either.

I think Doug's way is the easiest - put a blank index.html in the folder - you could dress up the index.html with your logo and an invitation to send you $$ if they really want to get hold of your images. :)

take care, Margaret

[/i]Sorry Jeanie - that doesn't work after all. I could set the permissions so that nobody could see the images folder but then the images wouldn't display in the html page either.[/i]

That's what I thought! I'm pretty sure that a directory has to have at least execute permissions in order for anyone visiting the website to view the pictures on the webpage - but that also allows them to see everything in the directory (if there's no index.htm file.)

I think Doug's way is the easiest - put a blank index.html in the folder - you could dress up the index.html with your logo and an invitation to send you $$ if they really want to get hold of your images. :)

Yes, this idea sounds like a plan. Is there no .htaccess solution or did it just seem too complicated?

FWIW, if someone really wants to get ahold of my images, they will. :( Even if I put an index.htm file in each directory, someone could still type in the full path name to the JPG file and easily view it. I just don't want people to be able to see the full list of my files in each directory.

Thanks for the help,
Jeanie

Sorry for taking so long to reply, I've not been online for a while. If you want to limit access to directory listings, it's best that it's done by the Web host. The file that needs to be modified is httpd.conf, and that's a system file. I can't remember off the top of my head which entry needs to be modified, but will let you know as soon as I get a chance to page thru' the file.

Thanks for the additional info Al. I've got the index.htm files set up at this point, but would like to do it "right" once I understand what "right" is. ;)

I will ask my webhost.

Thanks, Jeanie

Jeanie, the directive I used was "IndexIgnore *". You can point the support people at your Web host to this URL (http://www.apacheref.com/ref/mod_autoindex/IndexIgnore.html). Unfortunately, as I've used it, it's system wide, but instead of the "*", I'm sure there should be a way for them to use your home directory (eg "jeaniesa/*"). I'll speak to one of the boffins here.

Thanks Al! :D I was looking at some Apache documentation last night, but I don't think I would have chosen that particular directive just looking at the list of them.

Jeanie