Magento

Hello all you lovely “Sarcastocrats”, I am a noob, so much a noob that I don’t even know if the spelling I just used for ‘noob’ is correct. If not, learn me how!

Anyways, I can’t find any info in any of the forums, so I’m hoping someone here can help.

I am noticing that by default, the installation of Magento allows anyone in the world to access your sites skin, media, etc. folders directly through http (ex. www.mysite.com/skin)

HOW do I protect my poor little folder structure from prying eyes, please someone HELP!

I am using Magento version 1.3.2.1 and use cPanel

Thanks

Liam

Are you trying to prevent directory listing or access to the files altogether?  For the former, just follow the instructions on this site: http://www.thesitewizard.com/apache/prevent-directory-listing-htaccess.shtml

Also note that it does not make much sense to prevent file access to the skin folder altogether as the skin folder contains all the css and design images that are used on your page. So obviously your users (or rather their browsers) need to be able to access this files as otherwise the website will not display properly.

Claudia

Thank you both very much, I did as i960 suggested and it works. I was reading in that link as I was changing the .htaccess file, that it does not actually make it more secure, saying at best it is security by obscurity, which is definitely better than what I had before, but I am wondering if there is any other steps I can take to assure that it is protected to the fullest it could possibly be, maybe it is now, I don’t really know.

You don’t want to protect it any further.  If those files are not publicly accessible, then your site will look terrible since it won’t be showing any images or CSS.

Got it, that makes sense! Thank you again! I appreciate it!

you can protect your .js files by encode.
images could use watermark.