How can I hide my server’s directory structure for better security?

0
10
Asked By TechSavvy77 On

I'm self-taught in web development and manage a few small websites using Apache. I've always structured my directories in a way where the URLs directly correspond to their locations. For example, the URL "mysite.com/dir/subdir/" points to "root/dir/subdir/index.php". Recently, a client mentioned that they've received advice about web security and are concerned that I haven't masked the directory structure. They want me to make sure that URLs are independent of my directory layout to obscure where files and folders are actually stored on the server. Is this a common security concern? What are the best practices to achieve this? Should I be implementing htaccess rewriting or using PHP redirects? Note that directory listing isn't exposed since directories without an index file redirect properly.

3 Answers

Answered By ConfusedUser01 On

Wait, what? I thought this was standard? Why is it a security issue?

Answered By DevDudeX On

Do you have any sensitive information stored on your server? If yes, make sure it’s properly protected and not accessible via public URLs.

Answered By SecuritySleuth On

Best practice dictates that your main application entry and static assets should be in a public folder, while sensitive libraries or scripts should be placed in a different directory adjacent to this public one. This way, you keep your actual filesystem hidden from potential attackers.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.