Solved

Blocking the listing of files in browser.

Posted on 2001-09-06
9
164 Views
Last Modified: 2010-03-04
Hi,

I am using an Apache-Tomcat setup. How do I prevent the listing of files in the browser? For example if I type, http://localhost/projectname/jsp/ in the browser, it should not list the files and directories under the same. How do I go about that?

Thanks,
Brijesh.
0
Comment
Question by:brijeshkumar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
9 Comments
 

Author Comment

by:brijeshkumar
ID: 6460206
This problem occurs in both Windows and Linux.

I tried the following 2 options

1)
Under 'Static Interceptor' attribute settings, adding the following attribute: suppress="true" in server.xml

2) Changing
          <init-param>
               <param-name>listings</param-name>
               <param-value>true</param-value>
          </init-param>

to
          <init-param>
               <param-name>listings</param-name>
               <param-value>false</param-value>
          </init-param>


in web.xml

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6460756
you need to change your httpd.conf (in /etc/httpd usualy):

IndexOptions StandardIndexing
0
 
LVL 1

Accepted Solution

by:
Zook earned 50 total points
ID: 6461136
A very simple solution is to set in http.conf eg.

DirectoryIndex index.html /index.html

Whenever no local index page (index.html) is found the global one "/index.html" will be shown, thus preventing the generic directory listing.

Of course you can also use a line like this one:
DirectoryIndex index.var index.shtml index.html welcome.htm /noaccess.html

Names will be tried left to right.

cu
Zook
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:brijeshkumar
ID: 6463057
Hi Zook,

I tried that option. In fact before you replied I had got that option from my friend. But its a workaround  - a crude way of doing it. It works for sure! But if that user knows the file name then he can request it directly. i.e.
http://localhost/projectname/jsp/filename.jsp/html .

Thanks!
Brijesh.

Hi ahoffman,

Your suggestion gave a error "Invalid directory indexing option".

Thanks for your suggestion.
Brijesh.
0
 
LVL 1

Expert Comment

by:Zook
ID: 6463269
Brijesh,

I am afraid I don't understand your problem then.
It's the idea behind a web site to get the URLs that you request, isn't it? So of course, if you know the exact URL you get the file ...!?

What exactly do you want to achive? What do you want to protect/hide from whom?

cu
Zook
0
 

Author Comment

by:brijeshkumar
ID: 6463423
Hi Zook,

It's like this. I am trying to block the directory listing without giving a blank index.html or index.jsp. Something that can be done by making changes in the configuration files. Is that possible?

Regards,
Brijesh.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6464861
just comment out the IndexOptions line.
(NOTE: this option may be in each <Directory> context.
0
 

Expert Comment

by:blackc
ID: 6481101
in your configuration file, find the line contained in <Directory 'whateverthedocumentrootis'>
</Directory>
that has:
Options ...
in it.  then just remove the word "Indexes" from it.  it will then provide a 404 error, document not found page when no page is specified and no index exists.  hope it helps!
0
 

Author Comment

by:brijeshkumar
ID: 6481466
blackc,

I tried that. It didn't work.

Regards,
Brijesh.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question