i am using apache server and presently when i try accessing any folders of my website i am able to browse the files ex = www.website.com/images which is a serious security risk as i am building a forum website using php and mysql. in the root directory i have created a .htaccess file and whenever someone access a file which is not on the server i have created a user friendly message that the file does not exist instead of a 404 error message displayed by the browser. similar to this how can i go about restricting users to browse all my folders in the toot directory. if anyone accesses for ex = www.website.com/phpscripts an alert should appear asking them to enter a username and password. 1. how can i do this using apache. 2. where do i write the username and password information and will this apply to all the folders in the root directory or specific directories. please advice. thanks.
you can put on .htaccess on the folder and add <IfModule mod_rewrite.c> IndexIgnore * </IfModule> so that your file will not be seen. hehehe
i suppose i can create the .htaccess using notepad and upload to the server however in order to create the .htpasswd file i need to use a linux console. as per the php info i am using a linux machine, could you suggest any linux based tools i can use in order to connect to the linux server in order to create the .htpasswd file using a linux console. also i assume my web hosting company would provide the login details to me. i guess i need the ip address, username and password of my linux server are there any other details to connect using a linux console. also i suppose i have to execute a command from this linux console in order to create the .htpasswd file please advice.
As lawrenz said, you don't need console access to create a .htpasswd file. Simply create it using notepad (or any text editor) and upload it to your site. That should do.