[smooth]

Hello again,

How do you stop your site from having a directory listing in a folder?

For example, my images folder, how can I protect it from someone typing in:

http://www.mysite.com/images

And then them shown a directory of my images folder? I am pretty sure there is a way of doing this.

Any ideas?

[Sequal7]

Depends on your host type how to protect directories.
Who and what is your host and if you have a hosting provider, what type of Control panel do they use?

[smooth]

Our host is 1and1, and you can see the admin login page here.

I'm not sure exactly what type of panel it is, maybe CPanel?

We are under the Microsoft Developer package.

[Squashman]

Just put an index.html file in the directory and have it redirect to the main web page. If you were running on an apache server you could also use an .htaccess file but we already know you are using IIS.

[smooth]

Yeah, I was afraid I would have to do that.

I'm thinking I'll have to put that redirect index page in all my folders on the site, because if I type in any of my directories, I get a file list.

Grrr....so using .htaccess is about the only way of doing this, besides the redirect page?

[Squashman]

Just read up a little bit more on IIS. I don't think Directory Browsing is enabled by default on IIS. They must have turned it on for some reason. I would talk with your webhost and ask them why they have directory browsing enabled. If I were you I would ***** and complain. Most of the Linux apache Web hosting providers I have used always have that turned off and it is easily turned back on by using an htaccess file for the directories you want directory listings for. It will be a real pain in the butt to put an Index file in every directory if you have a very large directory structure.

If I am reading the documentation for IIS correclty, your webhost should be able to turn off Indexing for your website without affecting any other hosts on the server. It should be able to do it on a per website basis.

[Sequal7]

Is the problem that you trying to access a page, example index.asp and it is displaying the directory of the sites root?

Or are you trying to simply protect your folders from viewing?

1&1 panel for Windows hosting is easy, they dont use CPanel they have thier own interface.

open webfiles
http://faq.1and1.com/applications/webfiles/2.html
select and set right management on your folder
http://faq.1and1.com/applications/webfiles/3.html

If those dont work, perhaps try the IIS snapin:
Follow direction here to protect your directory
http://faq.1and1.com/web_space__acce...ctories/4.html

[Squashman]

Wow, that looks like it solves your password protection problem as well.

[smooth]

Thanks, I'll call them and make sure to tell them I want them to turn off directory browsing.

No, we already have the protected directory set up, that's why I need to use the ASP thing. Having the protected directory only allows one username, and one password, which everyone would use to log in. We want every one to have there own user name, and own password, so we can delete them if they leave the company, so they can't log in to the company after they leave.

[Squashman]

What is the new user button for then. Will it not let you create more than one user.

[smooth]

Wow, didn't see that on there. I'll have to try that out. Not sure if I have that in my package, I'll check it out.

[smooth]

Oh, the Add button is to add a directory, not a user

[Sequal7]

Ok, I am reallly confused by your question now.

Quote:

How do you stop your site from having a directory listing in a folder?

For example, my images folder, how can I protect it from someone typing in:

http://www.mysite.com/images

And then them shown a directory of my images folder? I am pretty sure there is a way of doing this.

If you already have protected directories why are you asking how to protect a directory?

[Squashman]

Quote:

Originally Posted by smooth246

Oh, the Add button is to add a directory, not a user

Not talking about the add directory button. There is one above that says New User and there is a box to the right of that for the username.

[Squashman]

Quote:

Originally Posted by Sequal7

Ok, I am reallly confused by your question now.
If you already have protected directories why are you asking how to protect a directory?

He is talking about keeping the server from doing Directory listings. If he doesn't have an index.html file in the directory, it will show all the files in the directory. This is usually turned off by default on most servers. On an apache server it is real easy to turn back on with an .htaccess file but he is on an IIS server.