htaccess and directory listing

hi.

i have a "downloads" directory in my site that contain files ...
i need to prevent directory listing directly from the browser
ex. http://mysite/downloads/

but i need to enable it when i call it inside the index.html
ex. <A href="/downloads/">downloads</A>

how to do such thing.

Note: i have succeded to prevent direct access to files of type jpg like this:

http://localhost/downloads/sample.jpg
(htaccess)
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
RewriteRule \.(exe|jpg)$ - [F]

but how to create an expresion for the whole folder , mean to disable access when access from http://mysite/downloads/ but enable it from <A href="/downloads/">downloads</A>

please help
thanks a lot

Apache Web Server

Last Comment

weissman

8/22/2022 - Mon

xterm

12/4/2013

When you put a hyperlink to /downloads in the code, and the user clicks it, they're just going to pull up the page and be subject to the same htaccess rules as when they first loaded the page.

If you want to show the files in a directory with browsing disabled by htaccess (or by httpd.conf - you can turn off DirectoryIndex in Options too) then you will need to script something to read the directory and dynamically build the page. It's very easy in PHP if you have that installed on your server. Here is a sample script:

<?php

$folder="/var/www/html/ee";
$handle=opendir($folder);
while (false!==($filename=readdir($handle))) {
        if ( ($filename!="..")&&($filename!=".") ) {
                echo "<a href=$filename>$filename</a><br>\n";
        }
}

?>

Open in new window

weissman

12/5/2013

ASKER

first i would thank you for your help....

the problem that my boss prefer not to use php and use a configuration in the httpd.conf

he is Convinced that there should be a solution without rewriting the page in php

i have found this link

http://perishablepress.com/stupid-htaccess-tricks/#sec3

i don't know if i can write a rule for directory

what do you think?

thanks.

xterm

12/5/2013

It doesn't have to be PHP, it could be CGI or SSI, or java(script) but the point is, if you deny clients the ability to list a directory, then the only way you're going to be able to show them the contents of that directory is by having the web server scan that folder and generate a dynamic listing.

You have to understand that <a href=/downloads> doesn't actually do anything until somebody clicks it. And when they click it, they then load the folder just as if they'd gone do it directly from a bookmark, or some other method. In either (and every) case, they will then be subject to whatever rules are in the .htaccess file for that directory (or in httpd.conf if specified there instead, but ultimately it's the same thing)

I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst

William Peck

weissman

12/5/2013

ASKER

thanks again.

i am understanding from your answer that :

<a href=/downloads/> is equals to <a href=http://www.example.com/downloads/>

is that right?

i just want to be sure , are you sure that there are no solution that gave me access from

Relative url

Relative /images/downloads/

But forbid access from

Absolute http://www.example.com/downloads/

The issue that i need directory listing but not from absolute url

thanks very much.

ASKER CERTIFIED SOLUTION

xterm

12/5/2013

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

GET A PERSONALIZED SOLUTION

Ask your own question & get feedback from real experts

Find out why thousands trust the EE community with their toughest problems.

weissman

12/6/2013

ASKER

Thanks very much I think your suggested solution Is perfect.