Blocking the listing of files in browser.

Hi,

I am using an Apache-Tomcat setup. How do I prevent the listing of files in the browser? For example if I type, http://localhost/projectname/jsp/ in the browser, it should not list the files and directories under the same. How do I go about that?

Thanks,
Brijesh.
brijeshkumarAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
ZookConnect With a Mentor Commented:
A very simple solution is to set in http.conf eg.

DirectoryIndex index.html /index.html

Whenever no local index page (index.html) is found the global one "/index.html" will be shown, thus preventing the generic directory listing.

Of course you can also use a line like this one:
DirectoryIndex index.var index.shtml index.html welcome.htm /noaccess.html

Names will be tried left to right.

cu
Zook
0
 
brijeshkumarAuthor Commented:
This problem occurs in both Windows and Linux.

I tried the following 2 options

1)
Under 'Static Interceptor' attribute settings, adding the following attribute: suppress="true" in server.xml

2) Changing
          <init-param>
               <param-name>listings</param-name>
               <param-value>true</param-value>
          </init-param>

to
          <init-param>
               <param-name>listings</param-name>
               <param-value>false</param-value>
          </init-param>


in web.xml

0
 
ahoffmannCommented:
you need to change your httpd.conf (in /etc/httpd usualy):

IndexOptions StandardIndexing
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
brijeshkumarAuthor Commented:
Hi Zook,

I tried that option. In fact before you replied I had got that option from my friend. But its a workaround  - a crude way of doing it. It works for sure! But if that user knows the file name then he can request it directly. i.e.
http://localhost/projectname/jsp/filename.jsp/html .

Thanks!
Brijesh.

Hi ahoffman,

Your suggestion gave a error "Invalid directory indexing option".

Thanks for your suggestion.
Brijesh.
0
 
ZookCommented:
Brijesh,

I am afraid I don't understand your problem then.
It's the idea behind a web site to get the URLs that you request, isn't it? So of course, if you know the exact URL you get the file ...!?

What exactly do you want to achive? What do you want to protect/hide from whom?

cu
Zook
0
 
brijeshkumarAuthor Commented:
Hi Zook,

It's like this. I am trying to block the directory listing without giving a blank index.html or index.jsp. Something that can be done by making changes in the configuration files. Is that possible?

Regards,
Brijesh.
0
 
ahoffmannCommented:
just comment out the IndexOptions line.
(NOTE: this option may be in each <Directory> context.
0
 
blackcCommented:
in your configuration file, find the line contained in <Directory 'whateverthedocumentrootis'>
</Directory>
that has:
Options ...
in it.  then just remove the word "Indexes" from it.  it will then provide a 404 error, document not found page when no page is specified and no index exists.  hope it helps!
0
 
brijeshkumarAuthor Commented:
blackc,

I tried that. It didn't work.

Regards,
Brijesh.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.