Solved

Blocking the listing of files in browser.

Posted on 2001-09-06
Last Modified: 2010-03-04
Hi,

I am using an Apache-Tomcat setup. How do I prevent the listing of files in the browser? For example, if I type http://localhost/projectname/jsp/ in the browser, it should not list the files and directories under the same. How do I go about that?

Thanks,
Brijesh.
Question by:brijeshkumar
9 Comments
 

Author Comment

by:brijeshkumar
ID: 6460206
This problem occurs in both Windows and Linux.

I tried the following 2 options

1)
Under 'Static Interceptor' attribute settings, adding the following attribute: suppress="true" in server.xml

2) Changing
          <init-param>
               <param-name>listings</param-name>
               <param-value>true</param-value>
          </init-param>

to
          <init-param>
               <param-name>listings</param-name>
               <param-value>false</param-value>
          </init-param>


in web.xml

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6460756
you need to change your httpd.conf (in /etc/httpd usually):

IndexOptions StandardIndexing
0
 
LVL 1

Accepted Solution

by:
Zook earned 150 total points
ID: 6461136
A very simple solution is to set in httpd.conf, e.g.

DirectoryIndex index.html /index.html

Whenever no local index page (index.html) is found the global one "/index.html" will be shown, thus preventing the generic directory listing.

Of course you can also use a line like this one:
DirectoryIndex index.var index.shtml index.html welcome.htm /noaccess.html

Names will be tried left to right.

cu
Zook
0

 

Author Comment

by:brijeshkumar
ID: 6463057
Hi Zook,

I tried that option. In fact, before you replied I had got that option from my friend. But it's a workaround - a crude way of doing it. It works for sure! But if that user knows the file name then he can request it directly, i.e.
http://localhost/projectname/jsp/filename.jsp/html .

Thanks!
Brijesh.

Hi ahoffmann,

Your suggestion gave an error "Invalid directory indexing option".

Thanks for your suggestion.
Brijesh.
0
 
LVL 1

Expert Comment

by:Zook
ID: 6463269
Brijesh,

I am afraid I don't understand your problem then.
It's the idea behind a web site to get the URLs that you request, isn't it? So of course, if you know the exact URL you get the file ...!?

What exactly do you want to achieve? What do you want to protect/hide from whom?

cu
Zook
0
 

Author Comment

by:brijeshkumar
ID: 6463423
Hi Zook,

It's like this. I am trying to block the directory listing without giving a blank index.html or index.jsp. Something that can be done by making changes in the configuration files. Is that possible?

Regards,
Brijesh.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6464861
just comment out the IndexOptions line.
(NOTE: this option may be in each <Directory> context.)
0
 

Expert Comment

by:blackc
ID: 6481101
in your configuration file, find the line contained in <Directory 'whateverthedocumentrootis'>
</Directory>
that has:
Options ...
in it. Then just remove the word "Indexes" from it. It will then provide a 404 error, document not found page when no page is specified and no index exists. Hope it helps!
0
 

Author Comment

by:brijeshkumar
ID: 6481466
blackc,

I tried that. It didn't work.

Regards,
Brijesh.
0
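
An added example, not part of the original thread: a small Python check for the two settings discussed above, the word Indexes on an Options line inside an Apache <Directory> block (blackc's comment) and the listings init-param in Tomcat's web.xml (the asker's second option). The sample configs, paths and function names are constructed for illustration, and the web.xml is assumed to carry no XML namespace.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample configs (not taken from the thread).
HTTPD_CONF = """\
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/html/projectname">
    Options -Indexes
</Directory>
"""

WEB_XML = """\
<web-app>
  <servlet>
    <servlet-name>default</servlet-name>
    <init-param>
      <param-name>listings</param-name>
      <param-value>true</param-value>
    </init-param>
  </servlet>
</web-app>
"""

def apache_listing_dirs(conf):
    """Return <Directory> paths whose own Options line turns Indexes on."""
    hits, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()  # commented lines start with '#' and match nothing below
        m = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if m:
            current = m.group(1)
        elif re.match(r"</Directory>", line, re.I):
            current = None
        elif current and re.match(r"Options\s", line, re.I):
            opts = {o.lower() for o in line.split()[1:]}
            # "All" also enables Indexes; "-Indexes" switches it off.
            if opts & {"indexes", "+indexes", "all"}:
                hits.append(current)
    return hits

def tomcat_listing_servlets(web_xml):
    """Return servlet names whose 'listings' init-param is set to true."""
    hits = []
    for servlet in ET.fromstring(web_xml).iter("servlet"):
        for p in servlet.iter("init-param"):
            if (p.findtext("param-name", "").strip() == "listings"
                    and p.findtext("param-value", "").strip().lower() == "true"):
                hits.append(servlet.findtext("servlet-name", "").strip())
    return hits
```

The Apache check reports only blocks that enable Indexes explicitly; a directory with no Options line of its own inherits the setting from its parent and has to be judged against that.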
