[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Directory Browsing Apache

Posted on 2004-11-04
6
Medium Priority
?
1,189 Views
Last Modified: 2010-03-04
Linux and Apache are greek to me and I am in a situation where i need to turn off directory browsing.

I read up on a few articles and I found the httpd.config file ant the .htaccess file

The problem with the site is that directory browsing is turned off for http:// BUT when the site is transfered to the secure port (https://), directory browsing is allowed for the secure site.  How do I turn this off?
0
Comment
Question by:luckyinc
  • 3
  • 2
6 Comments
 
LVL 8

Expert Comment

by:kiranhk
ID: 12496085
0
 

Author Comment

by:luckyinc
ID: 12496799
Well, I am not really looking to restrict access to the pages, I am just not wanting Directory Browsing to be on.  I also have the same site on Port 80 and port 443.
0
 
LVL 6

Expert Comment

by:philjones85
ID: 12501257
Look for lines similar to the following:

<Directory "/">
        Options Indexes FollowSymLinks
        Order allow,deny
        Allow from all
</Directory>

get rid of "Indexes"

<Directory "/">
        Options FollowSymLinks
        Order allow,deny
        Allow from all
</Directory>

You may need to find these lines in multiple locations if you're running multiple services (ie 80 and 443)

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:luckyinc
ID: 12504496
This is what is confusing me.  I opened the httpd.config file and I found several instances of <Directory>  I made some changes to this yesterday and It did not like my syntax.  I also wondered why it is directing to the cgi-bin directory.

<Directory "path/cgi-bin">
   AllowOverride None
   Order allow, deny
   Allow from all
</Directory>

Then

<VirtualHost :443>
   <Directory "/path/cgi-bin">
            SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>


I found another

#Directories...
<Directory "/">
   Options FollowSysLinks
   AllowOverride None
</Directory>

<Directory "/var/www/html">
   Options Indexes Includes FollowSymLinks
   AllowOverride None
   Allow from all
   Order Deny, Allow
</Directory>

<Directory "/var/www/icons">
  Options Indexes Multiviews
  AllowOverride None
  Allow from all
  Order allow, deny
</Directory>

<Directory "/var/www/cgi-bin">
  Options ExecCGI
  AllowOverride None
  Allow from all
  Order allow, deny
</Directory>
0
 

Author Comment

by:luckyinc
ID: 12504543
If I want to eliminate directory browsing to all folders after "var/www/whatever/"  Do I need to create a directory entry for every folder name that goes after "var/www/whatever/foldername/"????
0
 
LVL 6

Accepted Solution

by:
philjones85 earned 500 total points
ID: 12511401
if you have

<Directory "/var/www/html">
   Options Indexes Includes FollowSymLinks
   AllowOverride None
   Allow from all
   Order Deny, Allow
</Directory>

and you change it to

<Directory "/var/www/html">
   Options Includes FollowSymLinks
   AllowOverride None
   Allow from all
   Order Deny, Allow
</Directory>

then apache should not display a directory listing for any folder under /var/www/html unless



I haven't tested the following, but i believe its correct, play with it and see.

if you create another "directory" within the httpd.conf file like:

<Directory "/var/www/html/browse_directory">
   Options Indexes Includes FollowSymLinks
   AllowOverride None
   Allow from all
   Order Deny, Allow
</Directory>

then users will be able to browse the directory http://domain.com/browse_directory/
but will not be able to browse any others.

0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses
Course of the Month20 days, 10 hours left to enroll

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question