1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

If I don't want anyone to see a folder content, is it enough to upload a blank index.html?

Discussion in 'White Hat SEO' started by ruger999, Nov 6, 2013.

  1. ruger999

    ruger999 Newbie

    Joined:
    Sep 18, 2011
    Messages:
    45
    Likes Received:
    1
    I have a domain with a subfolder in which I have a few files for testing, and don't want anyone to access these files.
    by default if there's no index.html I notice that by typing the folder name you can see all it contains,
    so would adding a blank index.html be enough, or are there some server definitions I should define...?

    thanks
     
  2. victor1234

    victor1234 Registered Member

    Joined:
    Nov 22, 2009
    Messages:
    98
    Likes Received:
    25
    no

    look into htaccess rules

    you can and should block all access to the folder

    i imagine there are bots out scraping the interwebs looking for vulnerabilities and when they find a blank index.html they are checking that folder for /config.php or whatever

    google htaccess prevent access to folder
     
    • Thanks Thanks x 2
  3. ruger999

    ruger999 Newbie

    Joined:
    Sep 18, 2011
    Messages:
    45
    Likes Received:
    1
    thanks, I've added a:
    Options -Indexes

    to an .htaccess file that I've uploaded to that folder
     
  4. BobbyKhan

    BobbyKhan Registered Member

    Joined:
    Nov 6, 2013
    Messages:
    54
    Likes Received:
    5
    Victor1234 is definitely correct.
     
  5. TZ2011

    TZ2011 Senior Member

    Joined:
    Jun 26, 2011
    Messages:
    832
    Likes Received:
    863
    Occupation:
    Cleaning servers
    add this in .htaccess, too

    Code:
    order deny,allow
    deny from all
    Also you should look into perishable press firewall (6g beta) and learn about filtering query strings, basic prevention from fingerprinting folder, common names of files, etc.
     
    • Thanks Thanks x 1
  6. gavinb

    gavinb Junior Member

    Joined:
    Dec 2, 2012
    Messages:
    129
    Likes Received:
    28
    Occupation:
    AM
    Location:
    CA
    yup never do that empty index html crap. It is a very weak vulnerability. Either do not allow anybody permission but you (ip wise) or use ftp only for file transfers.