Page 1 of 1

Stop file peeking

Posted: 26 Jul 2011, 20:51
by Stoker
Stop file peeking

Author: thecoalman for Stoker
Description: This guide will prevent direct file peeking. Normally people can watch your files by typing the direct address in the browser.
Html example: styles/prosilver/template/overall_header.html
CSS example: styles/prosilver/theme/colours.css

As You can see this gives direct access to the source code.
We will have to do something about that. We cant hide all the code, but we can hide some and also make it clear that we dont like people peeking our files.
If they try to access your files they will get a HTTP Error 403 - Forbidden

Demo: This site. Try accessing these files:
Html example: styles/prosilver/template/overall_header.html
CSS example: styles/prosilver/theme/colours.css (not active)

Installation instructions: You have to create a .htaccess file for each template and theme where you will use this.

Template:
Create this .htaccess file with notepad and upload it to the template folder:

Code: Select all

<Files *.html>
   Order Allow,Deny
   Deny from All
</Files>
Theme:
Create this .htaccess file with notepad and upload it to the theme folder:

Code: Select all

<Files *.css>
   Order Allow,Deny
   Deny from All
</Files>

Read this!
You may experience some problems using the css part.
What I am using here is a .htaccess file placed in the styles folder with this content:

Code: Select all

<FilesMatch "\.(cfg|html)$">
Order Allow,Deny
Deny from All
</FilesMatch>