How to Make A Directory Forbidden

8 replies
  • WEB DESIGN
  • |
I have a website that has several directories that are not using wordpress.

Is there anyway to make these directories forbidden while allowing access to the files inside the directories?

For example I have a site where I give a way a free report at:

mysite.com/report/report.pdf

I would like to make the "report" directory forbidden in case anyone tries to sees what else is in side mysite.com/report

Thanks for your input
#directory #forbidden #make
  • Profile picture of the author David Beroff
    You can certainly get fancy with .htaccess, but the easiest thing to do to meet your needs is to publish a simple index.php file, saying pretty much anything you'd like.
    Signature
    Put MY voice on YOUR video: AwesomeAmericanAudio.com
    {{ DiscussionBoard.errors[8861551].message }}
    • Profile picture of the author JohnFireMan
      Originally Posted by David Beroff View Post

      You can certainly get fancy with .htaccess, but the easiest thing to do to meet your needs is to publish a simple index.php file, saying pretty much anything you'd like.
      Perfect, thank you
      {{ DiscussionBoard.errors[8861588].message }}
  • Profile picture of the author Jack Gordon
    Sometimes the simple answer is the best. I would only add to David's answer that I am not aware of any reason it has to even be a php file - an index.html should do the trick just as nicely.

    When you do decide to get fancier, I know aMember Pro can protect directories outside of Wordpress for you.
    {{ DiscussionBoard.errors[8861595].message }}
    • Profile picture of the author David Beroff
      Originally Posted by Jack Gordon View Post

      I am not aware of any reason it has to even be a php file - an index.html should do the trick just as nicely.
      Correct. I just got into the habit of always using PHP even in absolutely trivial cases, since then you can always add (unanticipated) features later. For example, the OP might decide to add a redirect in the future, and will be able to do so without changing filenames. But sure, there's no real reason that it has to be PHP.
      Signature
      Put MY voice on YOUR video: AwesomeAmericanAudio.com
      {{ DiscussionBoard.errors[8861620].message }}
      • Profile picture of the author joe ferdinando
        go into your wordpress content directory and copy the index.php and copy it to any directory you need hidden!

        Also there are many plugins available to hide content and to deliver content!

        also you can add this to your .htacess file to protect every directory without a index file!

        Code:
        # Protect Directories Options -Indexes
        Signature
        {{ DiscussionBoard.errors[8862095].message }}
        • Profile picture of the author RobinInTexas
          You are dealing with those that are looking where they shouldn't be.

          I prefer to just send them on their way scratching their head if they are live snoops, and if it's a bot, they might be slowed in their travels depending on their timeout settings.

          Here's my index.php file

          PHP Code:
          <?php
          header
          ('HTTP/1.1 301 Moved Permanently');
          header("Location:http://$ _ SERVER[REMOTE_HOST]");
          exit;
          ?>

          you need to remove the spaces that I had to insert before and after the _ to get the code to remain in the post.
          It just tells them that the page/content they are looking for is moved to the IP that they are coming from.
          Signature

          Robin



          ...Even if you're on the right track, you'll get run over if you just set there.
          {{ DiscussionBoard.errors[8863289].message }}
  • {{ DiscussionBoard.errors[8863397].message }}
    • Profile picture of the author RobinInTexas
      Originally Posted by Jack Gordon View Post

      That is deliciously devious
      Actually I got the idea from someone who suggested sending them to a bad neighborhood or to Google, but I decided I didn't want to piss off G or some hackers.

      This seems to me to be the best approach as far as minimal impact on my host. The usual 403 approach ends up writing an error to the Apache error log file, extra work and clutter to filter out if you are trying to resolve other issues by looking at the log file.

      I do the same with my .htaccess to discourage bandwidth sucking spiders

      Code:
      RewriteCond %{HTTP_USER_AGENT} Baidu [NC,OR]  
      RewriteCond %{HTTP_USER_AGENT} Yandex [NC,OR] 
      RewriteCond %{HTTP_USER_AGENT} YYSpider [NC]
      RewriteRule .* http://%{REMOTE_ADDR} [L,R=301]
      Works for the whole domain WordPress or not, and it keeps WordPress from ever seeing the traffic, unlike a plugin which impacts heavily on the server.
      Signature

      Robin



      ...Even if you're on the right track, you'll get run over if you just set there.
      {{ DiscussionBoard.errors[8864141].message }}

Trending Topics