Magento Forum

How do I protect my skin folder so it’s not viewable by anyone through Http? 
 
itwsanta
Jr. Member
 
Total Posts:  6
Joined:  2009-04-20
 

Hello all you lovely “Sarcastocrats”, I am a noob, so much a noob that I don’t even know if the spelling I just used for ‘noob’ is correct. If not, learn me how!

Anyways, I can’t find any info in any of the forums, so I’m hoping someone here can help.

I am noticing that by default, the installation of Magento allows anyone in the world to access your sites skin, media, etc. folders directly through http (ex. www.mysite.com/skin)

HOW do I protect my poor little folder structure from prying eyes, please someone HELP!

I am using Magento version 1.3.2.1 and use cPanel

Thanks wink

Liam

 
Magento Community Magento Community
Magento Community
Magento Community
 
i960
Guru
 
Avatar
Total Posts:  633
Joined:  2007-10-01
Bakersfield, CA
 

Are you trying to prevent directory listing or access to the files altogether?  For the former, just follow the instructions on this site: http://www.thesitewizard.com/apache/prevent-directory-listing-htaccess.shtml

 
Magento Community Magento Community
Magento Community
Magento Community
 
ckosny
Guru
 
Total Posts:  349
Joined:  2009-02-28
Luxembourg
 

Also note that it does not make much sense to prevent file access to the skin folder altogether as the skin folder contains all the css and design images that are used on your page. So obviously your users (or rather their browsers) need to be able to access this files as otherwise the website will not display properly.

Claudia

 
Magento Community Magento Community
Magento Community
Magento Community
 
itwsanta
Jr. Member
 
Total Posts:  6
Joined:  2009-04-20
 

Thank you both very much, I did as i960 suggested and it works. I was reading in that link as I was changing the .htaccess file, that it does not actually make it more secure, saying at best it is security by obscurity, which is definitely better than what I had before, but I am wondering if there is any other steps I can take to assure that it is protected to the fullest it could possibly be, maybe it is now, I don’t really know.

 
Magento Community Magento Community
Magento Community
Magento Community
 
i960
Guru
 
Avatar
Total Posts:  633
Joined:  2007-10-01
Bakersfield, CA
 

You don’t want to protect it any further.  If those files are not publicly accessible, then your site will look terrible since it won’t be showing any images or CSS.

 
Magento Community Magento Community
Magento Community
Magento Community
 
itwsanta
Jr. Member
 
Total Posts:  6
Joined:  2009-04-20
 

Got it, that makes sense! Thank you again! I appreciate it!

 
Magento Community Magento Community
Magento Community
Magento Community
 
Jack Chow
Jr. Member
 
Total Posts:  6
Joined:  2009-04-25
 

you can protect your .js files by encode.
images could use watermark.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top