Hi folks, I have searched everywhere to for information on how to make all of my directories non-browsable by default whereever default indexes do not exist. From what I can tell, I am supposed to either supply empty default index files with no content (index.html) or to add a .htaccess file in every directory with one both of the following entries: 1) Options -Indexes 2) deny from all >From my testing, it seems to work going into the forward direction but not in the reverse direction. For example: http://www.foobar.com/dir1/dir2/ a) www.foobar.com has a default index file b) dir1 does not have a default index file but has .htaccess file c) dir2 does not have a default index file but has .htaccess file Testing I got this: 1. http://www.foobar.com ** SUCCESS Page is displayed (and no directory exposure) 2. http://www.foobar.com/dir1 ** SUCCESS: "FORBIDDEN" message appears (no directory exposure) 3. http://www.foobar.com/dir1/dir2 ** SUCCESS: "FORBIDDEN" message appears (no directory exposure) 4. http://www.foobar.com/dir1/dir2 <<<<< backspace to get: http://www.foobar.com/dir1 ** FAIL! Directory and its contents are EXPOSED! Please tell me if this is a bug or that I am doing *something* wrong..... Best regards, Dan
