9.1 - apache2 directory indexing.
Hi all.
How do i make sure clients CANT browse folders without index.html?
I don't want people to be able to see the directorylisting.
As it is now, if someone "backs up" past the html file to the root of the
folder they get a listing of its contents.
How to prevent that (aside from putting an empty index.html file in there...)
I don't understand the "Option Indexes" directive as described on
http://httpd.apache.org/docs-2.0/mod/core.html.en#options
If i put "Option -Indexes" in the default-server.conf under the
On Tuesday 13 July 2004 08.59, Rikard Johnels wrote:
Hi all. How do i make sure clients CANT browse folders without index.html? I don't want people to be able to see the directorylisting. As it is now, if someone "backs up" past the html file to the root of the folder they get a listing of its contents. How to prevent that (aside from putting an empty index.html file in there...) I don't understand the "Option Indexes" directive as described on http://httpd.apache.org/docs-2.0/mod/core.html.en#options If i put "Option -Indexes" in the default-server.conf under the
it still gives the listing.
The directive is "Options", not "Option". Did you do rcapache2 restart or reload after changing the config file?
On Tuesday 13 July 2004 09:39, Anders Johansson wrote:
On Tuesday 13 July 2004 08.59, Rikard Johnels wrote:
Hi all. How do i make sure clients CANT browse folders without index.html? I don't want people to be able to see the directorylisting. As it is now, if someone "backs up" past the html file to the root of the folder they get a listing of its contents. How to prevent that (aside from putting an empty index.html file in there...) I don't understand the "Option Indexes" directive as described on http://httpd.apache.org/docs-2.0/mod/core.html.en#options If i put "Option -Indexes" in the default-server.conf under the
it still gives the listing. The directive is "Options", not "Option". Did you do rcapache2 restart or reload after changing the config file?
Sorry! Typo. it IS "Options" # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs-2.0/mod/core.html#options # for more information. Options None This is my default entry in default-server.conf I tried "Options -Indexes" and "Options None -Indexes" anf then did a rcapache2 restart (and even a reboot.) Same problem. -- /Rikard ------------------------------------------------------------------------------------ Rikard Johnels email : rikjoh@norweb.se Web : http://www.rikjoh.com Mob : +46 70 464 99 39 ------------------------ Public PGP fingerprint ---------------------------- < 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 >
On Tuesday 13 July 2004 10.06, Rikard Johnels wrote:
On Tuesday 13 July 2004 09:39, Anders Johansson wrote:
On Tuesday 13 July 2004 08.59, Rikard Johnels wrote:
Hi all. How do i make sure clients CANT browse folders without index.html? I don't want people to be able to see the directorylisting. As it is now, if someone "backs up" past the html file to the root of the folder they get a listing of its contents. How to prevent that (aside from putting an empty index.html file in there...) I don't understand the "Option Indexes" directive as described on http://httpd.apache.org/docs-2.0/mod/core.html.en#options If i put "Option -Indexes" in the default-server.conf under the
it still gives the listing. The directive is "Options", not "Option". Did you do rcapache2 restart or reload after changing the config file?
Sorry! Typo. it IS "Options"
# The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs-2.0/mod/core.html#options # for more information. Options None
This is my default entry in default-server.conf I tried "Options -Indexes" and "Options None -Indexes" anf then did a rcapache2 restart (and even a reboot.) Same problem.
Well, it certainly works for me. Are you saying that if you have a directory /srv/www/htdocs/foo, users can do http://server/foo/ and get a directory listing with Options None and no index.html? Could you post your config?
On Tuesday 13 July 2004 10:19, Anders Johansson wrote:
Well, it certainly works for me. Are you saying that if you have a directory /srv/www/htdocs/foo, users can do http://server/foo/ and get a directory listing with Options None and no index.html? Could you post your config?
I got it to PARTIALLY work.
I changed the -Indexes in the mod_userdir.conf instead. And now it sort of
works.
This is the defaul-server.conf i use right now. The indexes arent shown in the
userdirs, User dirs are visible, (eg. www.rikjoh.com/rikjoh )
BUT the top level (http://www.rikjoh.com/) barfs an error 403
The error log shows
[Tue Jul 13 18:50:10 2004] [error] [client 192.168.1.3] client denied by
server configuration: /home/public_html
How come the server thinks the top level to be a user dir with public_html?
DocumentRoot "/srv/www/htdocs"
On Tuesday 13 July 2004 18.51, Rikard Johnels wrote:
This is the defaul-server.conf i use right now. The indexes arent shown in the userdirs, User dirs are visible, (eg. www.rikjoh.com/rikjoh ) BUT the top level (http://www.rikjoh.com/) barfs an error 403 The error log shows [Tue Jul 13 18:50:10 2004] [error] [client 192.168.1.3] client denied by server configuration: /home/public_html How come the server thinks the top level to be a user dir with public_html?
Because you have a messed up regular expression
AliasMatch ^/([a-zA-Z0-9-_.]*)/?(.*) /home/$1/public_html/$2
That expression matches the username against any string whatsoever, including one of zero length. In other words, this regexp matches your entire server into the home directories :) You really need some string to set the userdirs apart from the "main" directories. The default is ~, the example in default-server.conf uses /user/, you have nada. Put something in there, or revert to the default
On Tuesday 13 July 2004 18.51, Rikard Johnels wrote:
This is the defaul-server.conf i use right now. The indexes arent shown in the userdirs, User dirs are visible, (eg. www.rikjoh.com/rikjoh ) BUT the top level (http://www.rikjoh.com/) barfs an error 403 The error log shows [Tue Jul 13 18:50:10 2004] [error] [client 192.168.1.3] client denied by server configuration: /home/public_html How come the server thinks the top level to be a user dir with public_html?
Because you have a messed up regular expression
AliasMatch ^/([a-zA-Z0-9-_.]*)/?(.*) /home/$1/public_html/$2
That expression matches the username against any string whatsoever, including one of zero length. In other words, this regexp matches your entire server into the home directories :)
You really need some string to set the userdirs apart from the "main" directories. The default is ~, the example in default-server.conf uses /user/, you have nada. Put something in there, or revert to the default AH!!! Its that simple huh!? I was trying to be "smart" so i wouldn't have to use Aliases for the users
On Tuesday 13 July 2004 19:20, Anders Johansson wrote: pages. :) I wanted them up under the top w/o ~ or anything.. Thanks again for your excellent help Anders. I reverted back to the original regexp and now i have everything up. -- /Rikard ------------------------------------------------------------------------------------ Rikard Johnels email : rikjoh@norweb.se Web : http://www.rikjoh.com Mob : +46 70 464 99 39 ------------------------ Public PGP fingerprint ---------------------------- < 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 >
On Tuesday 13 July 2004 10:06, Rikard Johnels wrote:
On Tuesday 13 July 2004 09:39, Anders Johansson wrote:
On Tuesday 13 July 2004 08.59, Rikard Johnels wrote:
Hi all. How do i make sure clients CANT browse folders without index.html? I don't want people to be able to see the directorylisting. As it is now, if someone "backs up" past the html file to the root of the folder they get a listing of its contents. How to prevent that (aside from putting an empty index.html file in there...) I don't understand the "Option Indexes" directive as described on http://httpd.apache.org/docs-2.0/mod/core.html.en#options If i put "Option -Indexes" in the default-server.conf under the
it still gives the listing. The directive is "Options", not "Option". Did you do rcapache2 restart or reload after changing the config file?
Sorry! Typo. it IS "Options"
# The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs-2.0/mod/core.html#options # for more information. Options None
This is my default entry in default-server.conf I tried "Options -Indexes" and "Options None -Indexes" anf then did a rcapache2 restart (and even a reboot.) Same problem.
From the page you mentioned earlier:
Indexes If a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory.
Seems you need to exclude mod_autoindex from the modules list. That list is contained in tha variable 'APACHE_MODULES' in /etc/sysconfig/apache2. Remove 'autoindex' from that list. Afterwards: Run 'SuSEconfig --module apache2' Run 'rcapache2 restart' Cheers, Leen
participants (3)
-
Anders Johansson
-
Leendert Meyer
-
Rikard Johnels