|
Design Tip:
Add Default Files To Subdirectories
by Larisa Thomason,
Senior Web Analyst,
NetMechanic, Inc.
You probably have files on your Web site that aren't available to visitors. Usually, they're just outdated information you haven't gotten around to deleting. They may also contain important information about your business or products that you aren't ready to make public. You think they're safe because no other links point to those files. You may be wrong.
Many webmasters don't realize that private Web files are often easily accessible to anyone with a little bit of Web savvy. Fortunately, they're also easy to secure: add a default file to every subdirectory on your site.
Behind The Scenes At The Server
Most users never consider what goes on behind the scenes when they type in a domain name like NetMechanic.com and receive the NetMechanic home page. You don't have to specifically request a page called index.htm, but you get it anyway.
That's because Web servers are configured to assume that when someone enters a top-level domain name, that they're really asking for something called the default home page. The server looks for a page named either "index" or "default" and sends it when a browser requests the top-level domain name by itself.
Depending on the server configuration and operating system, acceptable default file names and extensions include:
- index.html
- index.htm
- index.asp
- default.html
- default.htm
|
You'll have to contact your Web host to find out what default page names their servers require. This is very important information! Without a default file, the server won't send your home page when visitors enter your domain name. Instead, they will see a "File Not Found" error message - or worse - get a promotional message from your Web host.
A broken link on your page is bad, but a broken home page link could sink your site. What a terrible way to begin an online relationship!
Subdirectories Also Need Default Files
Subdirectories (or folders) also need default files. For instance, you can go directly to our newsletter archive by typing either of these addresses directly into your browser window:
http://www.netmechanic.com/news/
http://www.netmechanic.com/news/index.htm
From this, you can infer that the default file name for our server configuration is "index.htm."
But visitors see something completely different when a subdirectory lacks a default file. They get an "Index" Web page that shows the structure of the directory and gives them access to every file contained within it. Yes, you can password protect the files, but why go to that much effort when you can easily hide them from view?
This example image shows what that index page looks like. It's not from the NetMechanic site though - and we aren't saying what large, national organization this came from. We hope they've fixed the problem by now anyway.
Look closely at this image. Visitors have direct access to every file in the subdirectory!
Note that some servers are configured to be more secure. They give a curt "404 Access Forbidden" error message when a default file is missing. That's more secure for you, but it's pretty unfriendly to communicate with visitors!
Create Useful Default Files
It may seem like a lot of trouble to create what amounts to a "home page" for each subdirectory, but just a little effort can make your site more secure and increase the usability level for visitors.
Just think how nice it is to type in "NetMechanic.com/news/" and easily browse for individual newsletter stories. It would be a lot harder if you had to use a search box to navigate to each story individually.
So consider your site structure. Does your "products" subdirectory have multiple product offerings? The default page of that subdirectory is a great place to briefly introduce each piece of your product line and direct visitors to more information about each product!
That gives visitors the information they need quickly and gives search engine spiders good content to index and links to follow. But remember to update the links in your navigation system, your text content, and check links pointing to your site from other Web sites! Each time you change your site's structure or file names, you may inadvertently cause broken links.
Quickly check for broken links using the Link Check feature of HTML Toolbox. It tests the links on your pages and alerts you to broken ones before they irritate your visitors.
The subdirectory (or subdirectories) where you store your image files is another story. There's no need for a chatty home page there. Just create a simple HTML file that says access to this directory is not allowed and add links back to your major pages. And remember to save this file as the default name!
This quick and easy technique makes your site more secure and enhances the browsing experience for your visitors. It's one of those simple things you really can't afford not to do!
|
