有没有一种方法可以限制外部用户访问我的服务器文件

Question

Is there a way to restrict the external users to access my server files..

example is when i access this dir http://puptaguig.net/evaluation/js/ it shows the 404 page(though it's not obvious) but when i tried to view control.js here http://puptaguig.net/evaluation/js/controls.js it opened up..

   IndexIgnore *
   <Files .htaccess>
   order allow,deny
   deny from all
   </Files>

i just want to make these files inside my server directory to secured from outside viewing for some reasons..but how?

Best Regards..

Answer 1

siegheil/js? Should be siegheil/ns for sure?

You could chmod 000 and then no one would see them or access them. You can't have people accessing and not seeing them at the same time. Can't be done.

Answer 2

You can add below lines to your httpd.conf or. htaccess httpd.conf or. htaccess this will avoid access of your JavaScripts

<Files ~ "\.js$">
 Order allow,deny
 Deny from all   
 Satisfy All     
</Files>

Answer 3

The only way I can think to manage this is deny access to your js files by throwing a .htaccess in the siegheil/js/ folder that says something along the lines of:

deny from all

or just simply put your code in a folder above the root document level of the site itself.

After that, you then use something like minify to retrieve the js files from the backend (PHP / some other server language side) and have the minified / obfuscated code placed in another folder or just outputted directly from the script.

With all that said, in the end, the js code must be downloaded one way or another to be run by the browser. This will make it impossible to prevent people from looking at your code and figuring out what it does if they really want to.

Answer 4

You were able to access http://puptaguig.net/evaluation/js/controls.js but not http://puptaguig.net/evaluation/js/ because most Apache installs prevent an anonymous user from viewing the directory contents, and only permit access to specific files in the directory.

There is no way "hide" client-side JS because without access to those files your users will not be able to run your script. As suggested by @General Redneck, you can obfuscate and minify your js using a tools like minify or uglifyJS , but those can, potentially, been un-minified (minification is still a good idea for performance reasons). Ultimately you are fighting against the "open" nature of the web. I'd suggest putting a license on your code, and keeping an open mind : )

If you really need something to be secure, try accomplishing the essential functionality (which you want to keep private) with a backend language like php or asp.net and feeding the relevant data to you JS script.

Answer 5

You should create an .htaccess file in the relevant directory that has

-Indexes

in it. This will prevent listing of the directory and will cause a 403 error to be raised. Your application can then handle that however it wants to display whatever you want.