Reputation: 745
When I browse to my website and do Inspect Element in Google Chrome, by selecting the Sources tab I can get a list of all folders of my website. In fact, I get their original names and I can download the whole website's code.
I just want to hide the true folder names, as people can use those folder names to browse the internal website.
How can I prevent this? I have already listed Options -Indexes in .htaccess file.
I am working on Joomla and using Amazon EC2 Ubuntu Server so I have full control over server.
Edit: Thanks to Pt. Raman Sharma and LaughingQuoll. I don't really want to hide CSS or JS. I just want to hide the true folder names, as people can use those folder names to browse the internal website.
Edit: My .htaccess file:
IndexIgnore *
Options +FollowSymlinks
Options -Indexes
RewriteEngine On
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F]
RewriteBase /
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_URI} !^/index\.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [L]
Upvotes: 2
Views: 2152
Reputation: 3419
I hope I've understood your question correctly; if so, there isn't an easy answer to what you're asking. In this question they explain how to hide the developer tools, which should be a good starting point for your goal:
Just to be clear: trying to block hackers client-side is a bad idea in general; this is to protect against a specific social engineering attack.
If you ended up in the test group and are annoyed by this, sorry. I tried to make the opt-out page as simple as possible while still being scary enough to stop at least some of the victims.
The actual code is pretty similar to @joeldixon66's link; ours is a little more complicated for no good reason.
Chrome wraps all console code in
with ((console && console._commandLineAPI) || {}) { <code goes here> }
... so the site redefines console._commandLineAPI to throw:
Object.defineProperty(console, '_commandLineAPI', { get : function() { throw 'Nooo!' } })
This is not quite enough (try it!), but that's the main trick.
Upvotes: 2
Reputation:
CSS and JS links cannot be hidden, basically because they are used to display the page and anyone can just root back to the file origin (that is what Google Chrome does). So in no way could they be hidden. Besides, if you do Ctrl + S you can save the webpage's CSS and JS.
Upvotes: 2
Reputation: 309
It should only display your CSS, HTML and JS. These are front-end platforms. Your backend, like PHP and MySQL, is still hidden. So don't worry about this front-end visibility.
Upvotes: 2
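An added example (not part of the thread, and not the asker's or Joomla's code): a simplified Python model of how the .htaccess rules posted in the question route a request. It shows that existing static files are served without passing through index.php, while Options -Indexes only refuses the directory listing. The document-root paths and the `route` helper are constructed for illustration, and the site root itself is left out of the model.

```python
import re

# The four QUERY_STRING conditions from the question's .htaccess, flags as posted
# (only the second carries NC). Apache tests them against the raw, undecoded query.
BLOCKED_QUERY = [
    re.compile(r"base64_encode[^(]*\([^)]*\)"),
    re.compile(r"(<|%3C)([^s]*s)+cript.*(>|%3E)", re.IGNORECASE),
    re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})"),
    re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})"),
]

# Constructed document root (hypothetical static files and their directories).
FILES = {"/media/system/js/core.js", "/templates/site/css/style.css"}
DIRS = {"/media", "/media/system", "/media/system/js",
        "/templates", "/templates/site", "/templates/site/css"}


def route(uri, query=""):
    """Simplified model of what the posted rules do with one request."""
    # First rule set: the [OR]-chained conditions end in [F], i.e. 403.
    if any(p.search(query) for p in BLOCKED_QUERY):
        return "403 blocked query"
    path = uri.rstrip("/")
    # "RewriteCond %{REQUEST_FILENAME} !-f" fails for an existing file,
    # so the request is never rewritten and Apache serves the file itself.
    if path in FILES:
        return "served directly"
    # "!-d" fails for an existing directory. Assumption: it holds no index
    # file, so Options -Indexes answers 403 instead of a listing.
    if path in DIRS:
        return "403 no listing"
    # Everything else (and /index.php itself) ends up in index.php.
    return "handled by index.php"


if __name__ == "__main__":
    samples = [  # constructed requests
        ("/media/system/js/core.js", ""),
        ("/media/system/js/", ""),
        ("/about-us", ""),
        ("/index.php", "option=com_content&view=article"),
        ("/index.php", "q=%3Cscript%3Ealert(1)%3C/script%3E"),
        ("/index.php", "GLOBALS[x]=1"),
    ]
    for uri, query in samples:
        print(f"{uri}?{query} -> {route(uri, query)}")
```

Under this model the folder names stay visible because the browser has to request the static files by path; what keeps internal content private is server-side access control on those paths, not the rewrite rules.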