Results 1 to 4 of 4

Thread: Apache disable read css js

  1. #1
    Join Date
    Jan 2008
    Beans
    36

    Apache disable read css js

    Hello all,

    Situation

    Webserver has following directory stucture

    /var/www/ as web root

    /var/www/index.html
    /var/www/foo.css
    /var/www/foo.js
    /var/www/foo.txt

    If a user types /var/www/foo.css as URL in his browser then foo.css is readable.

    Is it possible to disallow direct downloading of certain types of files in apache?

    I dissabled directory reading but still people try to hack apache with trying all kind off guesses.

    greetings,

  2. #2
    Join Date
    Sep 2006
    Location
    Montréal
    Beans
    111
    Distro
    Ubuntu 6.10 Edgy

    Re: Apache disable read css js

    I used to put something along these lines in my configuration file when I used to use an old version of Apache for Windows:

    Code:
    <Files ~ "*.inc">
        Order deny,allow
        Deny from all
    </Files>
    I'm sure the option is similar in modern Apache on Linux..

    However, this won't solve your problem. You can't disable "direct" access to the .css file and still expect it to be usable "within" your site. You can't have it both ways.

    Are you trying to protect your css code? You can't. The only way to prevent people from accessing your files is to not make them publically available in the first place

  3. #3
    Join Date
    Jan 2008
    Beans
    36

    Re: Apache disable read css js

    Hello,

    I do not want to protect those files.
    I just would like it if hackers were not able to fish.

    greetings,
    Last edited by johan.alfa; September 2nd, 2008 at 12:43 PM.

  4. #4
    Join Date
    Apr 2005
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Apache disable read css js

    If you want the browser to be able to render your page correctly, you'll need to serve up the css files. Its really just an extension of the html file, so its sort of like saying you don't want people to be able to view your page source - but without that, they can't view your page.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •