rejetto forum

Security-Thing

Guest · 5 · 1955
« previous next »
Pages: 1

0 Members and 1 Guest are viewing this topic.

Scrapie

  • Guest
on: May 07, 2007, 04:08:06 PM
Hi

I'm using HFS for hosting a little website.
No CGI, no DB - just simple html - nice and secure - that's why I like HFS :)

Coz of this I don't want the users to browse the root-folder. With the "Default File Mask" no problems BUT

- If HFS starts up and
- the vfs gets loaded and
- if a user during loading requests a site

then he will get the complet dir-list of the root-folder + can dl files from here even if he normaly wouldn't see them.
This happens only during the short time while HFS is loading the vfs-file.
Obviously it would be better that HFS would show the 404-Page in stead of the complet root in such a case ...

HFS v2.1d Build #088


Cheers,
Scrapie

Offline maverick

  • Tireless poster
  • ****
    • Posts: 1052
  • Computer Solutions
    • View Profile
Reply #1 on: May 07, 2007, 04:30:22 PM

I personally can't see that happening.  However, if that is a concern of your's how about turning the server OFF before exiting?  When you reload the server, it will be loaded with the OFF setting active.  You can then turn it ON after it is completely loaded or when you are ready.
maverick

Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
Reply #2 on: May 07, 2007, 06:01:18 PM
right click on the root
disable "browsable"

Scrapie

  • Guest
Reply #3 on: May 08, 2007, 02:50:37 PM
Quote from: rejetto on May 07, 2007, 06:01:18 PM
right click on the root
disable "browsable"

Hi

Yes, this is working :)
The only thing is to allow browsing for the upload-folder - all the rest disabled.
Otherwise the user will get the errorpage instead of the ul-page.

Thx,
Scrapie

rejetto unlogged

  • Guest
Reply #4 on: May 12, 2007, 12:29:35 PM
then, move all the content of your site in a folder.
disallow browsing for that folder.
put a redirection script in the root, in an index.html file

Pages: 1