httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Evans <>
Subject Re: [users@httpd] Directory Permssions
Date Wed, 15 Jul 2009 08:55:47 GMT
On Tue, 2009-07-14 at 12:45 -0700, ML wrote:
> Hi Doug,
> >> So does that prevent crawling and browsing, but does allow if I  
> >> click a link or include a file it will work?
> >>
> >
> > No, it prevents the directory and all files within from being served  
> > by the webserver at all. Anything else is either half-secure or half- 
> > broken
> >
> > I don't understand what you mean by "crawling", "browsing", and  
> > "include a file". They're really all the same thing: A client (be it  
> > Firefox or GoogleBot) is asking the webserver for something.
> >
> > If you want to prevent the nice robots from asking for something,  
> > you can use a robots.txt file. This will not prevent naughty robots  
> > from asking for something.
> Lets think about this a different way.
> Say I have a directory of files that contain my MySQL connection  
> information, queries, etc, etc.
> How do I prevent people from browsing the directory but allow the  
> files to still be used when I include them in a page. Say to connect  
> to MySQL.
> -Jason

Don't ever put them inside your document root. Ever. Place them outside,
and then include them from within the PHP script which requires it. PHP
doesn't give a monkey's where on disk you load things from.

Seriously, this is one of the many ways that a developer/server admin
can be made to look like a fool. Don't put configuration data inside
your document root.



The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message