What are all the index.php files in the folders good for?

[leeego]

Does anyone know what's the reason behind all the index.php files that are in pretty much every folder of PrestaShop? Are they simply there so that no user can access the "Index of"-page?

[parsifal]

Are they simply there so that no user can access the "Index of"-page?

 

That would be my guess, too...

 

It's kind of universal file-based way for this kind of protection. For example, one might think of including .htaccess files with a proper directive for turning off Directory Indexes, but this would only work with Apache and not with, say nginx...

Edited September 11, 2013 by parsifal (see edit history)

[vekia]

yes, index.php file in each directory is for security purposes. Without this file each user will be able to check directories / files structure. It's definitely bad.

[leeego]

Ok, so they're not needed for any PrestaShop functionality and I can remove them if I know what I do (adjust Apache configuration), right?

[vekia]

that's right, you can forbidden access with apache settings

of course don't remove index.php from root dir :P

[leeego]

Fur future reference or if someone's interested: You have to remove the option Indexes from the Apache config (http://httpd.apache.org/docs/2.2/mod/core.html#options)

[Bukhuu]

yes, index.php file in each directory is for security purposes. Without this file each user will be able to check directories / files structure. It's definitely bad.

 

Cool. Thanks.

 

I have another silly question which is "should i change the content of index.php file? for example some people changed the path of the header location depends on folder level. is it correct or no need to change???

 

 

header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");

header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");

 

header("Cache-Control: no-store, no-cache, must-revalidate");

header("Cache-Control: post-check=0, pre-check=0", false);

header("Pragma: no-cache");

 

header("Location: ../");

 

exit;