Prohibit access to the Apache directory

Recommended for you: Get network issues from WhatsUp Gold. Not end users.
Reprint link:

In the development of PHP website, security considerations for WEB server and the PHP website program based on code, we need to control the relevant directory or file access, in order to prevent accidents from happening, so how are we to achieve this function? We can through the Apache to achieve the catalogue of prohibited access (banned list the directory or file list), prohibit or allow IP and domain name access directory function.

Configuration no directory access in Apache, which prohibits the tour listed directory / file list method

  Visit the site directory Apache default configured to be listed directory / file list, which means that when you visit http://localhost will list the directory and file list, we can modify the Apache configuration file httpd.conf to realize the banned list directory / file list, as follows:

1, Open the Apache configuration file httpd.conf

2, Find

<Directory />
  Options Indexes
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>

Only need to modify the Options Indexes for Options None, note: according to the PHP runtime environment installed package, Options Indexes also has the possibility is the Options Indexes FollowSymLinks, Options None can be changed to.

Also note that the thing: if you reset the DocumentRoot, such as the following: change the place also is different
<Directory "D:/Apache2/webpage">

#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.0/mod/core.html#options
# for more information.
#
# Options Indexes FollowSymLinks
Options FollowSymLinks

#The role of Indexes is when the directory without the index.html file, it displays the directory structure, remove the Indexes, Apache will not display the list of directories. 


# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all

</Directory>

3, Save httpd.conf, and restart Apache, and then visit the http://localhost, reported Apache HTTP 403 Forbidden access error information
  Forbidden
  You don't have permission to access / on this server.

Another method is specified in the Web Directory: " index.html, index.php, " can also access directory, but did not solve the fundamental problem.
Thus, by configuring the Apache server we can achieve a ban directory access (listed in the directory or file list), these features are essential for safety performance improvement and optimization of WEB server.
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download

Posted by Elmer at December 02, 2013 - 6:55 PM