Anyone know how to snoop proof all directories on a RaQ4i by default? Thanks.

Well, per site like this...

.htaccess with this in it:
Options -Indexes

-though I believe there is an line in the access.conf that you can adjust with this and it would do it for the whole box.

Very cool Chicken. Thanks.

If anyone knows about that htaccess line, I would sure like to try that one too.

Errrrr, that is the .htaccess line... but maybe you meant something else. First, I'm terribly sorry, but I meant access.conf, not httpd.conf...

I believe you could change:

.
.
.

AuthFailDelay 2000000

# Frontpage subwebs use a nice mix of pam and Basic authentication
AuthPAM_FallThrough on

</Directory>

# be more restrictive within a site
<Directory /home/sites/*/>
Options -FollowSymLinks +SymLinksIfOwnerMatch
</Directory>

# @@ServerRoot@@/cgi-bin should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.

#<Directory /home/httpd/cgi-bin>

.
.
.

to...

# be more restrictive within a site
<Directory /home/sites/*/>
Options -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
</Directory>

*but* I'm not 100% certain. If your web server crashes, and you can't use it ever again, you'll know why. :D

Restart apache after mucking with this and see what happens... I don't think anything worse than the web server not restarting could happen (in theory), which you'd then open up access.conf again and un do the line and you *shouild be back to where you started. In theory.

Good luck >>> *hides*

Only let me kow if it *works* :D

Thanks for that open can of gasoline, there Chicken! I think I'll wait till the 4th of July before I try that one out.:angel:

I do appreciate your reply.

Chicken,

I tried this, but I don't see any difference. This was for snoop proof in telnet right? ... What exactly is it supposed to be doing?

its for ftp I believe, I did it to my raq's and all admins login to the /home/sites/www.domain.com/web/ instead of there user directory

Originally posted by brandonk
Chicken,

I tried this, but I don't see any difference. This was for snoop proof in telnet right? ... What exactly is it supposed to be doing?

Actually it is just for web accessible pages while being viewed through a browser. As in, you go to a directory and can see all files listed in the directory due to it not having an index page.

If you want to do something a little less risky, you can simply put the aforementioned .htaccess file (with the "Options -Indexes" line in it) in /home/sites. That will eliminate directory browsing for the entire server (except folders that have their own .htaccess files overriding it).