Unrestricted Access to Subfolders
There is a problem in the FSG that allows the subfolders of a protected web page to be accessed by anybody.
The subfolders of a folder protected by a password are not protected at all and you can browse them freely from the web.
Repeating the Problem
- Set up a web page alias called "Pictures" with a path of "/My pictures/" (the slash at the end indicates you want it as a protected folder)
- Now you have to input a user name and a password to gain access to its content (a HTML page showing thumbnails).
- But if you go directly to a subfolder, e.g. using the following URL: mywebsite.com/Pictures/BlackNWhite, you can enter the subfolder freely and see its content without restriction.
Not the most secure method, but you can create a index.html file in each sub direcotry that redirects the user back to the main Folder that is password protected.