[sudhakararaog]

i am using apache server and presently when i try accessing any folders of my website i am able to

browse the files ex = www.website.com/images which is a serious security risk as i am building a

forum website using php and mysql.

in the root directory i have created a .htaccess file and whenever someone access a file which is not

on the server i have created a user friendly message that the file does not exist instead of a 404

error message displayed by the browser.

similar to this how can i go about restricting users to browse all my folders in the toot directory.

if anyone accesses for ex = www.website.com/phpscripts an alert should appear asking them to enter a

username and password.

1. how can i do this using apache.
2. where do i write the username and password information and will this apply to all the folders in

the root directory or specific directories.

please advice.

thanks.

[Sequal7]

You can create a .htaccess file and place it into the directory, add this to it;

Code:

AuthUserFile /full/path/to/.htpasswd
AuthName "Protected Area Login Required"
AuthType Basic

The full/path/to/ has to be changed to the full path to your folder.
You can use this tool to create the .htpasswd user name and password that are allowed access.
Copy and paste the values into your .htpasswd file and place the new .htpasswd and the .htaccess file into the folder you want protected.

[tomdkat]

Quote:

Originally Posted by Sequal7

You can use this tool to create the .htpasswd user name and password that are allowed access.

Sweet! Great link!

Peace...