Directory Browsing Apache

Linux and Apache are greek to me and I am in a situation where i need to turn off directory browsing.

I read up on a few articles and I found the httpd.config file ant the .htaccess file

The problem with the site is that directory browsing is turned off for http:// BUT when the site is transfered to the secure port (https://), directory browsing is allowed for the secure site.  How do I turn this off?
luckyincAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

luckyincAuthor Commented:
Well, I am not really looking to restrict access to the pages, I am just not wanting Directory Browsing to be on.  I also have the same site on Port 80 and port 443.
0
philjones85Commented:
Look for lines similar to the following:

<Directory "/">
        Options Indexes FollowSymLinks
        Order allow,deny
        Allow from all
</Directory>

get rid of "Indexes"

<Directory "/">
        Options FollowSymLinks
        Order allow,deny
        Allow from all
</Directory>

You may need to find these lines in multiple locations if you're running multiple services (ie 80 and 443)

0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

luckyincAuthor Commented:
This is what is confusing me.  I opened the httpd.config file and I found several instances of <Directory>  I made some changes to this yesterday and It did not like my syntax.  I also wondered why it is directing to the cgi-bin directory.

<Directory "path/cgi-bin">
   AllowOverride None
   Order allow, deny
   Allow from all
</Directory>

Then

<VirtualHost :443>
   <Directory "/path/cgi-bin">
            SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>


I found another

#Directories...
<Directory "/">
   Options FollowSysLinks
   AllowOverride None
</Directory>

<Directory "/var/www/html">
   Options Indexes Includes FollowSymLinks
   AllowOverride None
   Allow from all
   Order Deny, Allow
</Directory>

<Directory "/var/www/icons">
  Options Indexes Multiviews
  AllowOverride None
  Allow from all
  Order allow, deny
</Directory>

<Directory "/var/www/cgi-bin">
  Options ExecCGI
  AllowOverride None
  Allow from all
  Order allow, deny
</Directory>
0
luckyincAuthor Commented:
If I want to eliminate directory browsing to all folders after "var/www/whatever/"  Do I need to create a directory entry for every folder name that goes after "var/www/whatever/foldername/"????
0
philjones85Commented:
if you have

<Directory "/var/www/html">
   Options Indexes Includes FollowSymLinks
   AllowOverride None
   Allow from all
   Order Deny, Allow
</Directory>

and you change it to

<Directory "/var/www/html">
   Options Includes FollowSymLinks
   AllowOverride None
   Allow from all
   Order Deny, Allow
</Directory>

then apache should not display a directory listing for any folder under /var/www/html unless



I haven't tested the following, but i believe its correct, play with it and see.

if you create another "directory" within the httpd.conf file like:

<Directory "/var/www/html/browse_directory">
   Options Indexes Includes FollowSymLinks
   AllowOverride None
   Allow from all
   Order Deny, Allow
</Directory>

then users will be able to browse the directory http://domain.com/browse_directory/
but will not be able to browse any others.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.