Locked down area of a website question?

Question:

Ese Loco

2008-04-19 10:55:03 UTC

Ok - let me see how I can explain this. On my site, I have an area called "tank" which houses pix that I like to link to on blogs and whatnot. For example, to link to a pic on a blog, I upload to :

http://www.mysite.com/tank/picture.jpg

Lately i've found some of my stuff stolen from the tank section of the website. The only way this could have been done is by somebody going to :

http://www.mysite.com/tank

and seeing the directory listing of all contents of tank and helping themselves. Is there a way to prevent this? In other words, is there some kind of setting or way to get an access denied message or something like that if someone was to go to www.mysite.com/tank? Or a way to make nothing within that folder viewable unless I provide a direct link to a pic (qualify the www.mysite.com/tank/picture1.jpg with a file name)?

Hope this makes sense. Thanks in advance!

Four answers:

anonymous

2008-04-19 13:30:11 UTC

just some simple things:

Always add an: index.html or index.php file in those directories. this will block directory listings.

Second I would recommend a .htaccess file.

create a file called .htaccess yes with the dot!

Add this:

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://YOURSITE.COM/.*$ [NC]

RewriteCond %{HTTP_REFERER} !^http://WWW.YOURSITE.COM/.*$ [NC]

ReWriteRule .*\.(gif|jpg)$ - [N,F,L]

Edit YOURSITE.com with your URL, then add this .htaccess in your Image directory. and Voila! All images will be protected from leechers

R "n" D

2008-04-19 18:10:09 UTC

It is not veiwable to anyone but everytime you use the link to the pix on a blog etc.... An indexing "bot" that is indexing that blog can following that link regardless and once they are in they grab what every images are in there. The biggest Picture Bots are Google images, msn images, and picsearch.. Once their "bot" gets the picture they have it searchable on their site and little is done to protect your work because from there millions of people have access and will use it for what ever. You could use a robots.txt file on your site and disallow access by any "bot" "spider" access to that directory but there are bad bots that will index and grab thepix anyway and post them on their sites and again from there anyone has access to them.

KeWr

2008-04-19 18:04:58 UTC

If it's a linux (Apache) web server, you can actually password protect it using .htaccess, or use the -Indexes option in your httpd.conf file.

A down and dirty way....

In your /tank directly, just place a plank index file (index.html, index.php, whatever your default index is) and that will pull up instead of the directory listing. A person would have to have the exact file name (/tank/filename.ext) to get to a file.

Also, in your web root, create a robots.txt excluding your /tank directory. This will keep search engines from crawling it so it won't show up in searches.

anonymous

2008-04-19 18:02:32 UTC

open a textpad and type a messge for your leachers save it as index.htm and upload it to your dir that you wish to deny directory listing when they go to mysite.com/tank they will get your message instead of a listing

ⓘ

This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.

about - legalese