Preparing your web server before you deploy
23
Restricting access to administrative folders and special file types
When you create a site connection, Contribute creates special files that are stored in folders whose
names begin with an underscore (such as _mm, _baks, and _notes). These folders may contain
files with user names, e-mail addresses, previous versions of web pages, and other types of meta
information used by Contribute. The underscore allows Macromedia Dreamweaver and
Contribute to distinguish between those folders and the other folders in your site.
Contribute and Dreamweaver use this naming convention to filter these special files and prevent
them from appearing in the Dreamweaver Site panel and in the Contribute Remote File Browser.
These hidden folders can’t be browsed, overwritten, or inadvertently altered by users.
Additionally, some search engines and automated programs are designed not to return pages
found in folders whose names begin with an underscore.
To ensure that these folders and files remain protected, review the configuration of your web
server software and make certain that you block HTTP access to folders whose names begin with
an underscore (_mm, _baks, and _notes), the MMWIP folder, and files identified by the file
extensions .lck, .mno, .bak, .lbi, .csi, and .dwt.
In particular, you might want to block HTTP access to the MMWIP folder. The MMWIP folder
contains interim drafts of files (works in progress) that you might want to protect. Macromedia
recommends that you restrict access to the MMWIP folder so that only members of your
organization can browse files within that folder.
Note:
In addition to using the computer’s operating system and web server software configuration
settings, you might consider using a third-party URL scanner to block HTTP access to secure these
files and folders.
Apache web servers
If your website uses Apache, you can explicitly disable browsing folders and files that begin with
an underscore. If you know how to modify the Apache web server’s httpd.conf file and have
permission to do so, you can use the DirectoryMatch directive to prevent visitors from viewing
any file in a folder beginning with an underscore.
If you’re not sure how to edit the Apache httpd.conf file or don’t have permission to do so, ask
your system administrator or Internet service provider (ISP) to do it for you. To learn more about
limiting access to files and folders, and other security issues relevant to the Apache web server, see
the documentation supplied with your Apache distribution.
Microsoft IIS web servers
To prevent unauthorized users from accessing Contribute administrative folders under Microsoft
IIS, use access control lists (ACLs) to prevent read access by unauthenticated users of the
operating system as well as by clients connecting to IIS. When you use ACLs to restrict access,
only properly authenticated users can view the contents of the Contribute administrative folder.
Anonymous web clients, or other users with access to the server, cannot view the administrative
folder and its contents.
Note:
When setting permissions for Contribute administrative folders, ensure that Contribute has
read/write access to the administrative folders and the files they contain. Contribute uses the settings
in these files to enforce role settings of users connecting to the site.
