how to prevent directory access and show forbidden error in php

Question

1. I am new to .htaccess, i want to know how to use .htacces to prevent direct access via url of my folder e.g. localhost/mycart/images/ OR localhost/mycart/css should show forbidden message.

2. currently i've put index.php in every folder of my website and echo the messages is it good way to do it.

3. when i access my website like www.mycart/index.php/css or www.mycart/index.php/images it show website without images and css why and how to fix it?

Answer 1

You can simply add the following to your .htaccess

# Don't listing directory
Options -Indexes
ErrorDocument 403 http://www.your-website-home-page.com/
# Follow symbolic links
Options +FollowSymLinks

# Default handler
DirectoryIndex index.php

This will load only the index.php file while file browsing. If no index.php file is found 403 error happens (Access restricted) and it will send the user to home page

Answer 2

I have used

# disable directory browsing
Options -Indexes

Conversely, to enable directory browsing, use the following directive:

# enable directory browsing
Options +Indexes

Likewise, this rule will prevent the server from listing directory contents:

# prevent folder listing
IndexIgnore *

And, finally, the IndexIgnore directive may be used to prevent the display of select file types:

# prevent display of select file types
IndexIgnore *.wmv *.mp4 *.avi *.etc

Courtesy From: Prevent Unauthorized Directory Browsing from Stupid HTACCESS Tricks.

It also contains many other useful commands to be used in .htaccess for security and performance enhancement.

Answer 3

If you want to deny access to all files:

deny from all

If you want to disable directory listing:

IndexIgnore *