Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

forbidden if no index file

Status
Not open for further replies.
kurkulis

kurkulis

IS-IT--Management
Jan 1, 2007
11
LV
Hi to all!
i wanted to ask, how to configure apache to check if there is index file in directory, if not then show forbidden message (but not to list all files in that directory)
p.s. apache on linux if thats makes some difference

thanks
 
Sort by date Sort by votes
There are several possible ways to do this. The apache package included with most linux distros are set up to do this when they are first installed - but instead of displaying a forbidden message, they display a welcome message.

http.conf would have an Include directive like this (your installation probably has this already):
http.conf said:
# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf
Click to expand...

The included conf directory would have a welcome.conf like:
welcome.conf said:
#
# This configuration file enables the default "Welcome"
# page if there is no default index page present for
# the root URL. To disable the Welcome page, comment
# out all the lines below.
#
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /error/noindex.html
</LocationMatch>
Click to expand...

So, you could simply change the ErrorDocument to whatever you'd like. Instead of the typical 'welcome.conf' you could name the .conf file to something more suitable. Or you could simply add these directives directly to your httpd.conf file without the separate .conf file.
 
Upvote 0 Downvote
For security, you should have an index in each of the directories or a mechanism such as the one smah discussed to keep people from seeing your directory structure. Smah's suggestion is the best way but if you put an index in each directory, they can be as simple as telling people they don't belong there and to go away. Maybe even display their ip address to discourage them from poking around any further. This way can get quite tedious though if you have a lot of directories.
 
Upvote 0 Downvote
thanks to smah and RhythmAce excelent idea!
 
Upvote 0 Downvote
RhythmAce said:
can be as simple as telling people they don't belong there and to go away
Click to expand...
Funny that you should mention that- Not long ago, on a test server I was messing around with something (a CMS maybe) and tried to directly access a lower level folder that I shouldn't have access to. The 'error' [simply a php generated index.html] page was something like: Got your hand caught in the cookie jar, didn't you? It cracked me up at the time & I forgot about it until you reminded me.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

SamBones
  • Locked
  • Question
How Do I Start/Stop Systemd Services as a non-root User?
Replies
2
Views
430
gbaughma
gbaughma
spamjim
  • Locked
  • Question
Sorting out NTFS filesystem issues
Replies
0
Views
136
spamjim
spamjim
hobbytech
  • Locked
  • Question
Internet not connecting
Replies
5
Views
181
Stephen_Hawk
Stephen_Hawk
kevinds
  • Locked
  • Question
Help With Per File/Folder Restriction Based on HTTPS Client Certificate's CN
Replies
0
Views
69
kevinds
kevinds
CecilXavier
  • Locked
  • Question
RHEL IDM with Radius not authenticating
Replies
0
Views
128
CecilXavier
CecilXavier

Part and Inventory Search

Sponsor

Back
Top