Solved

Blocking the listing of files in browser.

Posted on 2001-09-06
9
159 Views
Last Modified: 2010-03-04
Hi,

I am using an Apache-Tomcat setup. How do I prevent the listing of files in the browser? For example if I type, http://localhost/projectname/jsp/ in the browser, it should not list the files and directories under the same. How do I go about that?

Thanks,
Brijesh.
0
Comment
Question by:brijeshkumar
  • 4
  • 2
  • 2
  • +1
9 Comments
 

Author Comment

by:brijeshkumar
ID: 6460206
This problem occurs in both Windows and Linux.

I tried the following 2 options

1)
Under 'Static Interceptor' attribute settings, adding the following attribute: suppress="true" in server.xml

2) Changing
          <init-param>
               <param-name>listings</param-name>
               <param-value>true</param-value>
          </init-param>

to
          <init-param>
               <param-name>listings</param-name>
               <param-value>false</param-value>
          </init-param>


in web.xml

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6460756
you need to change your httpd.conf (in /etc/httpd usualy):

IndexOptions StandardIndexing
0
 
LVL 1

Accepted Solution

by:
Zook earned 50 total points
ID: 6461136
A very simple solution is to set in http.conf eg.

DirectoryIndex index.html /index.html

Whenever no local index page (index.html) is found the global one "/index.html" will be shown, thus preventing the generic directory listing.

Of course you can also use a line like this one:
DirectoryIndex index.var index.shtml index.html welcome.htm /noaccess.html

Names will be tried left to right.

cu
Zook
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:brijeshkumar
ID: 6463057
Hi Zook,

I tried that option. In fact before you replied I had got that option from my friend. But its a workaround  - a crude way of doing it. It works for sure! But if that user knows the file name then he can request it directly. i.e.
http://localhost/projectname/jsp/filename.jsp/html .

Thanks!
Brijesh.

Hi ahoffman,

Your suggestion gave a error "Invalid directory indexing option".

Thanks for your suggestion.
Brijesh.
0
 
LVL 1

Expert Comment

by:Zook
ID: 6463269
Brijesh,

I am afraid I don't understand your problem then.
It's the idea behind a web site to get the URLs that you request, isn't it? So of course, if you know the exact URL you get the file ...!?

What exactly do you want to achive? What do you want to protect/hide from whom?

cu
Zook
0
 

Author Comment

by:brijeshkumar
ID: 6463423
Hi Zook,

It's like this. I am trying to block the directory listing without giving a blank index.html or index.jsp. Something that can be done by making changes in the configuration files. Is that possible?

Regards,
Brijesh.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6464861
just comment out the IndexOptions line.
(NOTE: this option may be in each <Directory> context.
0
 

Expert Comment

by:blackc
ID: 6481101
in your configuration file, find the line contained in <Directory 'whateverthedocumentrootis'>
</Directory>
that has:
Options ...
in it.  then just remove the word "Indexes" from it.  it will then provide a 404 error, document not found page when no page is specified and no index exists.  hope it helps!
0
 

Author Comment

by:brijeshkumar
ID: 6481466
blackc,

I tried that. It didn't work.

Regards,
Brijesh.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question