HomeBuilding Your WebsiteWeb Programming and Application Development

Directory viewing - Hide a directory listing from view

stunts4film posted this at 00:21 — 19th July 1999.

They have: 2 posts

Joined: Jun 1999

If you have a password protected page in a seperate sub-directory, how can you keep the directory listing from being viewd?
For instance... web address http://www.yourdomain.com
has a password protected page at .com/password/password.asp
If someone wants to see the directory listing, they only need to go to .com/password and all the files are easily viewed.

Can you help?
Scott
[email protected]

Anonymous posted this at 00:23 — 19th July 1999.

They have: 5,633 posts

Joined: Jan 1970

I am assuming that you are using ASP to require the password... What you would want to do is put a snippet of code at the top of each of your pages that looks like the following:
<%
IF Session("password" = "" OR Session("password" <> "[your password]" Then
Response.Redirect "/password/password.asp"
Else
%>

That will require the password to be entered into the variable "password" and any page that has the code at the top will not display unless the password has been entered. You will want to do some password checking on password.asp and then, once the password has been entered correctly, pass it to a session variable and move on to a secured page. Now this script will only work for one person but it can easily be modified to accept multiple passwords and/or users.

This isn't 100% secure (as nothing is) but it is about as secure as you can get for doing what you would like.

<edit>
I hate that! Each yellow smiley face actually represents a )
</edit>

----------
Dynamic Internet Solutions : http://www.dids.com
UNIX and Windows NT Hosting

anti posted this at 00:40 — 20th July 1999.

They have: 453 posts

Joined: Jan 1999

Hi,

1. Put an "index.html" in the directory. If the webserver is configured in a "secure"-way it should respond with that file even if you are trying to get "/password/".
or
2. Use the ".htaccess" to forbid directory-browsing. (sorry I don't have my apache-reference at hand.)
or
3. use a provider with a secure configured system. Directory browsing should be disabled by default and enabled on a dir-by-dir-basis.

ciao
Anti

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.