Shut site down

[Ryka]

Ok, so I just want to shut my site down temporarily while I upload the new site. It will take me a few days to get everything up and running though. Does anyone know the easiest way to do this so that everyone who tries to access the site just gets the same "temporarily shut down" message?

[Vin DSL]

Just make a file called index.html saying 'site is temporarily down' and put it in your root directory...

[Ryka]

Yes, but what if they try to access a file directly? Such as about/site.html?

[Vin DSL]

Oh, yeah --- and, if ppl are entering your site from other directories, just place the same index.html in those directories also. I have 0-byte index.html files all over the place, in all my directories, to keep ppl from snooping around. It's no big deal.

[Vin DSL]

Originally posted by Ryka
Yes, but what if they try to access a file directly? Such as about/site.html?

Hrm... well, I suppose you could use htaccess, but then you're going to have to put them all over the place too. Since most of my htaccess files are different, this would be a hassle for me.

Are you going to make an entirely new site, or just tweak your old one?

[Joshua Clinard]

It's always best to NOT take down your current site, until you are done developing your new site. Just develop it in a directory other than your root, if you need to test parts of it online. Then when everything is done, replace the files. There are several reasons you should not take your old site down, one of which is that the search engine might do a crawl while your site is down, and if that happens, your site could be de-listed. Once you have your new files up, if you change any of the filenames or extentions, you should make redirects to the new files.

[Gwaihir]

And you can password protect that development directory if you want, to keep stray visitors from getting there in accidentally.

[Connie]

Originally posted by Joshua Clinard
It's always best to NOT take down your current site, until you are done developing your new site. Just develop it in a directory other than your root, if you need to test parts of it online. Then when everything is done, replace the files. There are several reasons you should not take your old site down, one of which is that the search engine might do a crawl while your site is down, and if that happens, your site could be de-listed. Once you have your new files up, if you change any of the filenames or extentions, you should make redirects to the new files.

I agree with Joshua. You might want to consider using SSI with CSS in the future. Then you can change your entire web site by changing a few pages.

[Vin DSL]

That's what I was going to suggest next, but I was trying to get some more info first. Maybe he wants to 'kill' the site for a while, for some reason.

Anyway, we all concur. Here's an example of a site I was developing a while back:

http://civic.lenon.com/

You can setup your new site as a subdomain while you're developing it. The nice thing about doing this is it gives you a /cgi-bin/ to work with, et cetera. It will also make the paths a lot easier to setup IMHO. Or, you can simply move your old site to a subdomain or directory where ppl can't find it.

There are many ways to go, depending on what you want to do. Perhaps you can give us more info...

[Connie]

Originally posted by Vin DSL
Oh, yeah --- and, if ppl are entering your site from other directories, just place the same index.html in those directories also. I have 0-byte index.html files all over the place, in all my directories, to keep ppl from snooping around. It's no big deal.

Have to reveal more of my ignorance about all the tech stuff. How
can anyone poke around in your directories? There have been some other post about this, but I did not have the time to peruse the post at the time.

Vin you have 0 byte html files in all your directories to prevent this. I assume you mean a blank file. All my files are htm files. Would I use a html file or an htm file or both.

Looking forward to your response or to any respose about this.

[Spathiphyllum]

Originally posted by clssam

Have to reveal more of my ignorance about all the tech stuff. How can anyone poke around in your directories? There have been some other post about this, but I did not have the time to peruse the post at the time.

Vin you have 0 byte html files in all your directories to prevent this. I assume you mean a blank file. All my files are htm files. Would I use a html file or an htm file or both.

Hello clssam,
There are numerous ways to limit snooping and I'm sure everybody does it slightly differently. Snooping is usually done by typing in a directory name and ending it with a /. Or they can request the address of the old file directly and obtain access if they knew the layout of your site. The typical server defaults to list a tree index of all of your files and concomitant links to them...not good. Hard to stop this without using some authentication protection of your webspace. By placing an empty *.htm or *.html file in every directory, you direct browsers/snoopers to this blank page while your other pages are somewhat inaccessible by casual observation.

Here is one of many methods to tighten up your webpage if you really want to redirect everyone to a specific "under construction" page with as little work as possible.

1. In public_html directory if on Apache server:

Create/edit empty .htaccess file. Change permissions to -rw-r--r-- . Add the following text to .htaccess -

# hide public viewing of access files
<FilesMatch "\.ht(access|passwd|group)$">
deny from all
</FilesMatch>
# stop auto-indexing, disallow cgi in all directories to tighten security
Options -Indexes -ExecCGI
# use redirect to "anypage.htm" using simple cgi script
DirectoryIndex /cgi-bin/redirect.cgi

2. In cgi-bin directory create empty redirect.cgi file. Add the following text and upload in ASCII -

#!/usr/local/bin/perl -w
#
use strict;
print "Location: http://www.yourwebsite.com/change_to_your_homepage_or_construction_ page.htm\n\n";
exit;

3. Change permissions of redirect.cgi to -rwx--x--x

4. In cgi-bin directory create/edit .htaccess file. Change permissions to -rw-r--r-- . Add the following to .htaccess -

# deny indexing from snoopers
DirectoryIndex /cgi-bin/redirect.cgi
# allow cgi access/execution in cgi-bin
Options +ExecCGI

<FilesMatch "\.cgi$">
order deny,allow
allow from all
</FilesMatch>


What these steps do is deny default indexing of your public web pages and redirect everyone who tries to a specific page of your choosing. It will not deny access to those who accidentally type in a correct web address on your site - there is no way to deny this as long as your pages have public read permissions and no authentication is used. It also ensures that *.cgi scripts in your cgi-bin directory only are accessible and executable.

Like I said, this is only one of many ways to control your site but it is a good start. It minimizes your work, tightens up security, and directs everyone to your temporary page. I believe spiders will still be able to keep old links intact since the old webpage addresses are still intact.

Todd

[Darryl]

Have a look at RedirectMatch in the Apache docs. You can use it in your .htaccess (with a regex) to temporarily direct all traffic to your "check back later" page. Doesn't get any easier than that.

[Vin DSL]

Originally posted by clssam

Have to reveal more of my ignorance about all the tech stuff. How
can anyone poke around in your directories? There have been some other post about this, but I did not have the time to peruse the post at the time...

I'm tempted to use your site as an example, Connie but no reason to spank you in public...

Here's a tiger picture that I found on Google:

http://www.cookwood.com/xml/examples/xslt/tiger.jpg

Now, in your browser window, just start stepping backwards:

http://www.cookwood.com/xml/examples/xslt/

Bingo... Not much damage here, but you get the idea.

Let's go snooping again. Here's another tiger pic...

http://www.sandiego-online.com/forum...ages/tiger.gif

It's buried pretty good, judging by the path. Let's start working our way backwards again:

http://www.sandiego-online.com/forums/chinese/images/

Still not too bad. Let's keep going:

http://www.sandiego-online.com/forums/chinese/

Big w00t, huh? 6 major directories laid wide open with more to follow if you keep digging. Not a good thing!

This can be stopped by putting an empty index.html file in the directories --- all the directories --- and it doesn't use any bandwidth or storage space. Get the idea???

[Vin DSL]

Originally posted by Darryl
Have a look at RedirectMatch in the Apache docs. You can use it in your .htaccess (with a regex) to temporarily direct all traffic to your "check back later" page. Doesn't get any easier than that.

Yeah, expect you have to put it in every directory, just like the empty index.html files, which you should have anyway. Plus, I already have .htaccess files in most of my directories --- some bigger than others. The one in my root directory has 5k of redirects in it. I'd have to do something with them and I'm not going to comment out 100's of lines of code, you know? It would basically be creating double & triple work for myself...

[jason]

Actually, Vin, anything you put in .htaccess in one directory is valid in all decendants of that directory (unless, of course, you undo it somewhere else in your site). So, if you put

Options -Indexes

(which is the command for disabling the directory view when there is no index file) in public_html/.htaccess, no one would ever be able to see any file listing for any part of your site. Anyone that tries to sneak a look at your files (if you don't have an index page) will get a "Forbidden" error.

If you don't like the idea of your users seeing a big black Forbidden message, you can redefine what they see through .htaccess easily, as well:

ErrorDocument 403 /errors/403.html

Just make 403.htm say something like "we don't allow directory browsing" or just make it a blank html page. Then you don't have to remember to create the page in every file.

Oh, and just because the file contains zero bytes, it doesn't mean it takes no disk space or bandwidth. Each file requires a few bytes of your disk space for the directory entry, and every time someone requests one of those blank pages, they'll get several bytes of headers with no page data. Yes, the space and bandwidth is minimal, but it isn't exactly zero.

Connie, there is no difference between htm and html files. The original specs used html, but Microsoft adopted the htm extension to comply with their old "8.3" naming convention (which refers to the pre-Windows 95 rule that file names could be up to eight characters with a three letter extension. Now that Windows uses long file names, 8.3 no longer applies, but MS has held on to the "htm" extension. Long story short, it doesn't matter what you use, JPC supports both.

--Jason