In some cases, you will be required to hide folders and contents inside a root/parent web directory in order to prevent others from accessing your confidential directories and the files inside them. If you are little confused with the scenario, let me explain.
Consider a case in which your website has a sub domain and several sub directories inside that sub domain. In a real life scenario, assume that you run an online gadgets store and you run it on a sub domain store.example.com. Now assume that you have a dedicated web app for each brand and you run them as sub directories. So you run apple brands under the URI store.example.com/apple and in similar ways a samsung store under store.example.com/samsung. In such a case, you will have many directories coming under the root sub domain store.example.com
A screenshot of such a case is shown below.
What are the vulnerabilities of not hiding folders & files ?
The risks are plenty. A root directory always contains many important files like the configuration file of your web app software. If some one access this configuration file, he will get details of your database username & password. You can imagine the consequences. To avoid such exploits, we always advice you to hide the contents inside a root directory (whether its of the home domain or a sub domain).
Solutions
There are more than one solutions to fix this vulnerability. The easy and most popular one is to hide folders & files by uploading an empty index.html file inside the root directory.
Solution #1 – Add an empty Index.html file in the root directory
This is a simple and easy solution which can fix the problem. All you need to do is create an empty file and name it index.html. Now upload this file to root directory via FTP. In this way you can hide all folders & files inside a root directory from external access.
You can create an HTML file within your web FTP client as well. I have added 2 screenshots which will give you an overall idea of creating an index.html file from your web FTP client.
STEP 1:- Create a new file by clicking “New File”
STEP 2:- Name the file with extension as “index.html”
STEP 3:- Hit the button “Create New File”
That’s it and you are done!
The outcome of above steps will be a new 0 KB index.html file residing in your root directory. A screenshot of the same is given below.
Now you are done! You have successfully hidden those folders & files inside your root directory from the external world. You can test the same by loading your URI store.example.com in any browser.
I will be updating this article with other possible solutions soon. Keep tuned.
