rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: Scrapie on May 07, 2007, 04:08:06 PM

Title: Security-Thing
Post by: Scrapie on May 07, 2007, 04:08:06 PM
Hi

I'm using HFS for hosting a little website.
No CGI, no DB - just simple html - nice and secure - that's why I like HFS :)

Coz of this I don't want the users to browse the root-folder. With the "Default File Mask" no problems BUT

- If HFS starts up and
- the vfs gets loaded and
- if a user during loading requests a site

then he will get the complete dir-list of the root-folder + can dl files from here even if he normally wouldn't see them.
This happens only during the short time while HFS is loading the vfs-file.
Obviously it would be better that HFS would show the 404-Page instead of the complete root in such a case ...

HFS v2.1d Build #088


Cheers,
Scrapie
Title: Re: Security-Thing
Post by: maverick on May 07, 2007, 04:30:22 PM

I personally can't see that happening. However, if that is a concern of yours, how about turning the server OFF before exiting? When you reload the server, it will be loaded with the OFF setting active. You can then turn it ON after it is completely loaded or when you are ready.
Title: Re: Security-Thing
Post by: rejetto on May 07, 2007, 06:01:18 PM
right click on the root
disable "browsable"
Title: Re: Security-Thing
Post by: Scrapie on May 08, 2007, 02:50:37 PM
right click on the root
disable "browsable"

Hi

Yes, this is working :)
The only thing is to allow browsing for the upload-folder - all the rest disabled.
Otherwise the user will get the errorpage instead of the ul-page.

Thx,
Scrapie
Title: Re: Security-Thing
Post by: rejetto unlogged on May 12, 2007, 12:29:35 PM
then, move all the content of your site in a folder.
disallow browsing for that folder.
put a redirection script in the root, in an index.html file