for years now i have been storing millions of files from clients and the clients customers like so:
recently, somehow Google got hold of the “AccessableFiles” directory even though it is not referenced anywhere on the primary website, and now all the email addresses have been exposed.
i went through and started putting in a redirect index.html file into every directory, and also added the following to httpd.conf:
<Directory /var/www/AccessableFiles> Options -Indexes </Directory>
in addition, i am thinking for every directory to maybe “force” a 401 page-not-found error or something like that.
ideally, i would like the customers clients files available if AND ONLY IF they know the exact directory names and the exact file name, but no other access.
It would be nice if somebody took the entire URL and removed the file name and tried to access, a 401-page-not-found error was thrown.
i realize this is probably easy, but i cannot seem to figure this out under pressure.
any other suggestions?
|OS type and version:||rocky linux|