Reputation: 13673
Can an empty index.php truly hide its folder?
Say I have an /images folder in my website, which I don't want to be browsed by visitors. I usually prevent it by creating an empty ./images/index.php file. Is it 100% safe?
I mean, if the user knows the filename, they can type website.com/images/image.jpg, that's OK, but they cannot see the contents of the folder, right?
Upvotes: 0
Views: 1761
Answers (2)
Reputation: 124
you can write this rule in you server configuration,such as nginx.conf
location ^~ /images {
deny all;
}
this means all request for path like www.website.com/images/xxx are forbidden
Upvotes: 1
Reputation: 1666
Method One
Put the .htaccess file in the desired folder. Edit this file and put
deny from all
This way it will solve all your problem of direct access and will not have to put additional index file in the folder.
Method two
If you want to go with putting index file or do not want any file to be accessed directly, then put
<?php
if(!defined('Variable')) {
die('No direct access');
}
?>
In the file you dont want to be accessed and put
<?php
define('Variable', TRUE);
?>
in the index.php.
Upvotes: 3
Related Questions
- PHP & .htaccess - Hide folder in URL
- Hiding existance of directory and file structure with .htaccess
- Hiding folder with htaccess
- Hide PHP Files in Folder Directory
- Avoiding the users to be able to see a directory in php
- Private folder in PHP?
- Hiding folder .htaccess
- Blank index.php vs. Options -Indexes to disallow directory listings?
- PHP: can an empty `index.html` 'hide' files in that directory (if the files names are not known)?
- directories with no index file