Hello,

I am a newbie Webmaster.

While checking out my site I mistyped the address of a page (one directory down). Well! My entire directory was exposed.

Are there any programs (preferably "free") which can,
Run on a site and let the Webmaster know if any of their directories are exposed
Allow the WebMaster to protect exposed directories

Any and all responses appreciated.

WP1

htaccess

Single User Protection

1. Create the directory your want to password protect in your public_html

2. Create a file .htaccess in that directory that looks similar to:

AuthUserFile /home/domain/.htpasswd
AuthGroupFile /dev/null
AuthName VGSPACE_AREA
AuthType Basic
<Limit GET>
require valid-user
</Limit>


3. Create the password file /home/domain/.htpasswd using the program
/usr/local/bin/htpasswd
To do this, log into your account via Telnet and type:


htpasswd -c .htpasswd username (-c creates a new htpasswd file)


or use this password generator: http://www.widexl.com/remote/password-generator.html



4. When prompted, enter the password for that user.

You didn't specify what web server software you are using (Apache, IIS or another one) but if it is Apache, you may be able to use an .htaccess file in your top-level directory with the following line in it ...

Options -Indexes

Use the above line to prevent directory listings of that directory and any sub-directories, unless it is over-ridden by another .htaccess file in one of the subdirectories.

As far as prograns to list any "unprotected" directories in your site, I am not aware of any.

for starters, I put an index.htm page in all my directories. If the public is not expected to be there, then the index.htm for that directory is blank (<html><body></body></html>.