Friday, October 9, 2009

Website Protection Using The Index Page

All web servers are configured to display a default page for a directory if a default file exists. That is how your home page is found and displayed when someone simply enters your domain name as the URL. The server searches a list of default file names and, if it finds a match, displays that page. The default file names could be similar to those shown below.

index.htm
index.html
index.shtml
index.php

When someone goes to your site by typing in your URL, the index page is what they normally see first. This prevents viewing other pages or files you may have in the root directory. What your visitor actually sees in this case is your home page.

The other directories (sub-folders) on your website, the ones below your root directory (typically called "public" or "public_html"), do not normally have this index page. If the index page is not there, your visitor may be able to view every web page or file you have in that directory. A folder without an index page is open and everyone can find your product if they search for it. You should therefore create an index page for all your folders.

You can verify whether or not your site is configured to prevent directory listing. To test this, enter in your web browser your domain name followed by the name of any directory that exists on your site (e.g. http://www.yourdomain_name/temp). This should either generate a browser error page or list the contents of the directory.

If we assume you have a subdirectory named temp as given by the previous example, you will see the following if directory listing is not prevented.

Index of /temp
Name--------------------Last Modified----------Size
Parent Directory--------30-Apr-2009 11:09--- -
document1.txt-----------29-Apr-2009 10:03--- 20k
document2.pdf-----------28-Apr-2009 06:10--- 1831k
document3.doc-----------27-Apr-2009 09:10--- 568k

The above example shows the complete directory listing of the folder called temp. All someone has to do is to click on the file to open and possibly modify it. They can also download any of the files in the directory. If you happen to be in this situation, you need to add some website protection to your sub-folders.

We see then that if no index page exists on a server configured to prevent listings, an error is normally generated. But when a server is configured to allow a directory listing, the directory index is displayed rather than generating an error.

The index page can be used in any directory on a web site except those directories that already utilize an index page or default page. This includes the root directory. Never place one of these files in the root directory, never overwrite an index page or default page that already exists and never place an index page in a directory where another index page or default page already exists.

A subfolder's index page does not have to be anything special. It can be a very simple HTML page as you are only using it to close the door on your folders. The following shows a simple index page you can use.
----------------------------------------------------------------------------------------------
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
</head>
<body>
</body>
</html>
-----------------------------------------------------------------------------------------------
The above would show a blank web page. Instead of seeing all the files that you have in sub-folder temp, they would simply see a blank web page.
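One way to apply these rules across a whole site, as an added example that is not part of the original post: the script below walks a document root, reports every subdirectory that has no default file, and can write the blank page into each one without touching the root or any existing index page. The function names, the dry-run switch and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile

# Default file names listed on this page; assumed to match the server's own list.
DEFAULT_NAMES = ("index.htm", "index.html", "index.shtml", "index.php")
# The blank page shown above.
BLANK_PAGE = (
    '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" '
    '"http://www.w3.org/TR/html4/loose.dtd">\n'
    "<html>\n<head>\n</head>\n<body>\n</body>\n</html>\n"
)


def find_unprotected(docroot):
    """Return subdirectories (relative to docroot) that hold no default file."""
    missing = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        dirnames.sort()  # deterministic report order
        if os.path.samefile(dirpath, docroot):
            continue  # the root keeps its real home page
        # Case-insensitive match: stay clear of any similarly named file.
        present = {name.lower() for name in filenames}
        if not present.intersection(DEFAULT_NAMES):
            missing.append(os.path.relpath(dirpath, docroot))
    return missing


def protect(docroot, dry_run=True):
    """Place the blank index.html in each unprotected subdirectory."""
    handled = []
    for rel in find_unprotected(docroot):
        if not dry_run:
            target = os.path.join(docroot, rel, "index.html")
            # Mode "x" refuses to overwrite a file that appeared meanwhile.
            with open(target, "x", encoding="ascii", newline="\n") as fh:
                fh.write(BLANK_PAGE)
        handled.append(rel)
    return handled


if __name__ == "__main__":
    # Constructed sample tree in a temporary directory.
    with tempfile.TemporaryDirectory() as root:
        for sub in ("temp", "shop", os.path.join("shop", "img")):
            os.makedirs(os.path.join(root, sub))
        open(os.path.join(root, "index.html"), "w").close()
        open(os.path.join(root, "shop", "index.php"), "w").close()
        print("dry run:", protect(root))
        print("written:", protect(root, dry_run=False))
```

Run it with the default dry run first and review the reported directories before writing anything.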

If you want, you can put some text or graphics between <body> and </body>.
You can add some text that perhaps says: "Internal server error. Please contact system administrator."

The text will give the impression that the person trying to get into your site caused some type of server error, and so will hopefully stop them from going any further. The modified index page is shown below.

------------------------------------------------------------------------------------------------
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
</head>
<body>
<h1>Server Error</h1>
Internal server error. Please contact system administrator.
</body>
</html>
------------------------------------------------------------------------------------------------
You can also take the index web page one step further. You can redirect spying eyes from your website directories back to your home index page in your root directory. You can use what is called a "meta refresh" tag. The tag looks like the following:

<META HTTP-EQUIV="refresh" content="0;URL=http://www.yourdomain_name">

You would replace "yourdomain_name" with your actual domain name or whatever URL you would like to put there.

The following shows the index page with the meta refresh tag:
------------------------------------------------------------------------------------------------
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<META HTTP-EQUIV="refresh" content="0;URL=http://www.yourdomain_name">
</head>
<body>
</body>
</html>
------------------------------------------------------------------------------------------------

If you are using an index page with only the meta refresh tag, then instead of seeing a blank web page, the visitor is redirected to your home page. If this was a casual surfer who just happened to end up at your website by mistake, they will find themselves on your home page, and you might end up getting a customer, a good side benefit of the index.html page with the meta refresh tag.

To learn more about Website Protection and Security, please visit:

http://www.websiteprotection.net/

When you create an index page, it is important to use a pure text editor such as Notepad or an editor designed to create web pages. Never use Word or another word processor to create web pages. The files that word processors create contain formatting codes and other invisible information that can create problems with web servers. Also, when you save the index page, ensure that it has the proper file extension, e.g., index.html
