I want to set up the permission for my images folder, so when a user types www.mydomain.com/images he gets a forbidden message page. What permissions do I need to set for it? Thanks
Sorry, I read your message wrong initially -- why not just a 000 if you don't want anyone to see it? Here's a site with info on all the permissions - pick what you want and set it to that. http://www.perlfect.com/articles/chmod.shtml
Apache usually runs as nobody, so denying access to 'others' should do the trick: sudo chmod o-rwx path Code (markup): J.D.
Cool, that site has some great information! Thanks Schlottke, actually, I do have a blank index page. Never thought other people also did that, lol
If you do want to make sure people can't access these images, don't rely on them being 'invisible' - somebody may either guess their names or access them using eavesdropped info. Either set up directory security or configure Apache to require authentication for this folder. J.D.
I think what youwant is something like this: http://www.nr.tc/images/ Right? It's not a file permissions issue. It's controlled by an Apache directive. I'm frantically searching my httpd.conf for the exact directive now..
If what you want is your server to return a 403 error when someone is trying to browse the folder but still let your server show the images as normal make sure you don't have the directory options indexes set. (It's pretty early in the morning and I don't know if I'm very coherent yet, so please bear with me )
Directory permissions are useful if these images are supposed to be stored in the web hierarchy (for whatever reason), but never served to the visitors directly. If there's a need to provide limited web access to the directory, Apache authentication may be used. It's simple to set up: http://httpd.apache.org/docs-2.0/howto/auth.html J.D.
I believe he's talking about HTTP authentication - same stuff I mentioned in the previous post. You can set up a group of people who are allowed to access the directory and Apache will ask every new visitor to authenticate themselves before giving them access to the content. J.D.
Sure thing fryman.. Here is an example VirtualHost container in the httpd.conf file allowing an index to get listed: <VirtualHost 192.168.1.100> DocumentRoot /path/to/htdocs <Directory "/path/to/htdocs"> Options Indexes # this directive allows the listing of an index AllowOverride All </Directory> </VirtualHost> Code (markup): Here is an example of a container that doesn't list an index but returns a 403 error: <VirtualHost 192.168.1.100> DocumentRoot /path/to/htdocs <Directory "/path/to/htdocs"> AllowOverride All </Directory> </VirtualHost> Code (markup): The Options directive has some other stuff you can dictate. Check out the docs at apache.org for the details.
Correct me if I'm wrong, but I think the default value for Options is All and omitting it would in fact allow directory listing. Shouldn't it be Options -Indexes? J.D.
You are right. When I tested to verify my answer this morning, I overlooked my default directory container which has options set to FollowSymLinks. Thanks for watching my back [Note to self: Never, repeat NEVER, try to think on the first cup of coffee in the morning.]