NetTalk Central

Author Topic: Google picking up documents from web folder  (Read 373 times)

rupertvz

  • Sr. Member
  • ****
  • Posts: 326
    • View Profile
    • Email
Google picking up documents from web folder
« on: November 08, 2024, 12:24:09 AM »
Hi Guys,

We have a NT web server with SSL, site security, and users must be logged on to access the web server.
Google somehow managed to access documents from the "web" folder, and published links to these online.

Is there a way to block / stop this, as it is a serious security concern for the customer.

rupertvz

  • Sr. Member
  • ****
  • Posts: 326
    • View Profile
    • Email
Re: Google picking up documents from web folder
« Reply #1 on: November 10, 2024, 09:21:02 AM »
Hi Guys,

Google suggests to add a META tag to the HTTP header of the page which calls the PDF's

"X-Robots-Tag: noindex"

Is the correct place to add this META tag under the xHTML tab of the NWB
After heading ?



Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11247
    • View Profile
Re: Google picking up documents from web folder
« Reply #2 on: November 11, 2024, 10:35:50 PM »
Hi Rupert,

>> Is there a way to block / stop this, as it is a serious security concern for the customer.

I feel like you're missing the point here. If have the files publically available in the web folder is a security concern, then you should fix that. Perhaps by describing why private files are in a public folder to begin with?

Turning off Google indexing doesn't stop people fetching the files. If google found them, so can everyone else. And malicious users don't respect the settings in your robots.txt file.

Cheers
Bruce

rupertvz

  • Sr. Member
  • ****
  • Posts: 326
    • View Profile
    • Email
Re: Google picking up documents from web folder
« Reply #3 on: November 11, 2024, 11:43:26 PM »
Hi Bruce,

Thank you, it is files which the users upload as supporting documents which we are storing in a documents sub-folder contained in the web folder.
When I try to browse those files, I am not able to.  Thus a malicious user would need to know the full file-name of the file to get to it?  Or is there another way?

I maybe wrong, but would imagine that Google indexed the file whilst it was being opened / viewed by a user in Chrome.

Is there a way to project files in the web folder?
Or if the web folder is always publicly accessible, should I put the files outside the web folder, and change my user-procedure that it opens from local disk and not via URL?

« Last Edit: Today at 05:31:26 AM by rupertvz »