How can I make my attachments directory NOT world readable and still work?

[Evil-Eddy]

One of my boards has a large amount of files in it.  Some of them are only for certain membergroups.  However, since the entire attachment directory can be read due to the chmod 777, anyone can get access to the entire list of attachments by simply going to www.mydomain/yabbse/attachments.

Is there a way I can prevent this from happenning?

Thanks!
-Evil-Eddy

[mediman]

sorry but the lists of files has nothing to do with worldwritable!

what you means is directory browsing!

put a .htaccess in your folder with

Code Select Expand

Options -Indexes
medi

[Evil-Eddy]

Hello mediman,
Well that fixed the indexing, but it also stopped all files from being downloadable in that directory.  Now none of the files can be downloaded there.  I removed it for now.

Any other suggestions?

I'm using freebsd4.3x.

Thanks,
Evil-Eddy

[mediman]

you can put an blank index file in this directory index.php or index.html and then you can put an .htaccess where you restrictet the access!

[mediman]

but an index.php with this content

Code Select Expand

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>401 Authorization Required</TITLE>
</HEAD><BODY>
<H1>Authorization Required</H1>
This server could not verify that you
are authorized to access the document
requested.<p>
Your IP:

<?php     if ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] !=""){        $IP = $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"];        $proxy = $HTTP_SERVER_VARS["REMOTE_ADDR"];        $host =@gethostbyaddr($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]);    }else{        $IP = $HTTP_SERVER_VARS["REMOTE_ADDR"];        $host =@gethostbyaddr($HTTP_SERVER_VARS["REMOTE_ADDR"]);    }   echo "<font color='red'>$IP</font> with <font color='red'>$host</font> ";   ?>


was saved!<p> Thank you very much :)!
</BODY></HTML>

is enough i think!

[Evil-Eddy]

Excellent solution mediman!!!!  I should have used my head and thought of this myself (duh), but thanks so much for pointing out the obvious.

I think this should be added to the next yabb update so other people short on brain power at any given time will also have some protection over indexing of their dir's.  I know this is server dependant and many don't even allow this to happen in the first place, but for those like me, it would be quite helpfulllllllllllll......


Thanks again Mediman!
-Evil-Eddy