Htaccess: Prevent Directory Listing: Difference between revisions

From The Uniform Server Wiki
Jump to navigation Jump to search
(New page: <span id="top"></span> <div style="padding:0;margin:0; border-bottom:3px inset #000000"> {| | MPG UniCenter || .htaccess: [[Htaccess: Introduction | Introduc...)
 
(Moved to new category; Additional grammar and cleanup edits.)
 
(2 intermediate revisions by the same user not shown)
Line 2: Line 2:
<div style="padding:0;margin:0; border-bottom:3px inset #000000">
<div style="padding:0;margin:0; border-bottom:3px inset #000000">
{|  
{|  
|[[Image:uc_small_logo.gif | MPG UniCenter]] ||
 
.htaccess:  
.htaccess:  
[[Htaccess: Introduction | Introduction]] |   
[[Htaccess: Introduction | Introduction]] |   
Line 18: Line 18:
'''.htaccess''' - ''Apache directory-level configuration file''
'''.htaccess''' - ''Apache directory-level configuration file''
|}
|}
'''Prevent Folder (Directory) listing'''
'''Prevent Directory (Folder) Listing'''


I find some times I use the term folder and at other times directory these are interchangeable and mean the same thing so forgive me when I do this.
If you have read the [[Htaccess: Site error documents | Site error documents page]], you will have created a directory named '''error'''. Type the following into your browser address bar: '''<nowiki>http://localhost/errors/</nowiki>''' and you will be greeted with a full listing of its content (directories and files).


If you have read the [Htaccess: Site error documents | site error documents page]] you will have created a folder named error. Type the following into your browser address bar : '''<nowiki>http://localhost/errors/</nowiki>''' you will be greeted with a full listing of its content (folders and files).
Try it on any directory that does not contain one of the following pages:
 
Try it on any folder that does not contain any of the following pages
:* index.html, index.shtml, index.html.var
:* index.html, index.shtml, index.html.var
:* index.htm, index.php3, index.php
:* index.htm, index.php3, index.php
:* index.pl, index.cgi
:* index.pl, index.cgi
and you will receive a listing of its contents as would anyone on the internet.
and you will receive a listing of its contents, as would anyone on the Internet.


You may or may not find this desirable this page shows you how to prevent this listing.
While this may be useful in some cases, this is not a desirable response for security reasons. The following shows you how to prevent this listing.


'''''[[#top | Top]]'''''
== .htaccess commands ==
== htaccess commands ==
There is only a single command to learn:
There is only a single command to learn:


Line 44: Line 41:
'''IndexIgnore <nowiki>*</nowiki>'''
'''IndexIgnore <nowiki>*</nowiki>'''
|
|
This prevents listing of all the files, the * is a wildcard that matches all files
This prevents listing of all the files; the * is a wildcard that matches all files
|-style="background:#f9f9f9"
|-style="background:#f9f9f9"
|
|
'''<nowiki>IndexIgnore&nbsp;*.gif&nbsp;*.jpg&nbsp;</nowiki>'''
'''<nowiki>IndexIgnore&nbsp;*.gif&nbsp;*.jpg&nbsp;</nowiki>'''
|
|
You can be selective and state the file types you do not want listed. Again the wildcard matches all files, in this example all gif and jpg image files are targeted and will not be displayed. While all others will be displayed.
You can be selective and state the file types you do not want listed. Again the wildcard matches all files; in this example all gif and jpg image files are targeted and will not be displayed, while all others will be displayed.
|}
|}


'''''[[#top | Top]]'''''
== Personalise index page listings ==
== Personalise index page listings ==
If you are not going to prevent folder listings consider personalising the page displayed.   
If you are not going to prevent directory listings, consider personalising the page displayed.   


You can personalise the index pages listed by adding a header and footer. This requires either one of two files placed in the folder with the htaccess file as follows:
You can personalise the index pages listed by adding a header and footer. This requires either one of two files placed in the directory with the .htaccess file as follows:


{|cellpadding="4" cellspacing="4"
{|cellpadding="4" cellspacing="4"
Line 68: Line 64:
This is just a text file containing something like this:
This is just a text file containing something like this:


'''<nowiki><h1>Power of htaccess</h1></nowiki>'''
'''<nowiki><h1>Power of .htaccess</h1></nowiki>'''


'''''Note'':''' You can insert any regular HTML tag. They are not complete HTML pages just snippets that are included.
'''''Note'':''' You can insert any regular HTML tag. These are not complete HTML pages, just snippets that are included.
|-style="background:#f9f9f9"
|-style="background:#f9f9f9"
|
|
'''README.html'''
'''README.html'''
|
|
Again this is a text file that uses any regular HTML tag for example:
Again this is a text file that uses any regular HTML tag; for example:


'''<nowiki><h1>More Power of htaccess</h1>'''</nowiki><br>
'''<nowiki><h1>More Power of .htaccess</h1>'''</nowiki><br>
'''<nowiki><p>Why! The name README and not FOOTER I have no idea</p></nowiki>'''
'''<nowiki><p>Why the name README and not FOOTER, I have no idea</p></nowiki>'''


'''''Note'':''' You can insert any regular HTML tag. They are not complete HTML pages just snippets that are included.  
'''''Note'':''' You can insert any regular HTML tag. These are not complete HTML pages, just snippets that are included.  
|}
|}


 
'''''[[#top | Top]]'''''
----
----


{|
[[Category: Apache Configuration]]
| [[Image:uc_small_logo.gif]] || [[User:Ric|Ric]]
|}
 
[[Category: UniCenter]]
[[Category: Support]]
[[Category: Troubleshooting ]]
[[Category: Application]]
[[Category: Development]]

Latest revision as of 11:12, 21 June 2013

.htaccess: Introduction | Site error documents | Prevent Directory Listing | Redirect | Preventing hot linking |

.htaccess - Apache directory-level configuration file

Prevent Directory (Folder) Listing

If you have read the Site error documents page, you will have created a directory named error. Type the following into your browser address bar: http://localhost/errors/ and you will be greeted with a full listing of its content (directories and files).

Try it on any directory that does not contain one of the following pages:

  • index.html, index.shtml, index.html.var
  • index.htm, index.php3, index.php
  • index.pl, index.cgi

and you will receive a listing of its contents, as would anyone on the Internet.

While this may be useful in some cases, this is not a desirable response for security reasons. The following shows you how to prevent this listing.

.htaccess commands

There is only a single command to learn:

Command Comment

IndexIgnore *

This prevents listing of all the files; the * is a wildcard that matches all files

IndexIgnore *.gif *.jpg 

You can be selective and state the file types you do not want listed. Again the wildcard matches all files; in this example all gif and jpg image files are targeted and will not be displayed, while all others will be displayed.

Personalise index page listings

If you are not going to prevent directory listings, consider personalising the page displayed.

You can personalise the index pages listed by adding a header and footer. This requires either one of two files placed in the directory with the .htaccess file as follows:

File name Comment

HEADER.html

This is just a text file containing something like this:

<h1>Power of .htaccess</h1>

Note: You can insert any regular HTML tag. These are not complete HTML pages, just snippets that are included.

README.html

Again this is a text file that uses any regular HTML tag; for example:

<h1>More Power of .htaccess</h1>'''
 <p>Why the name README and not FOOTER, I have no idea</p>

Note: You can insert any regular HTML tag. These are not complete HTML pages, just snippets that are included.


Retrieved from "https://wiki.uniformserver.com/index.php?title=Htaccess:_Prevent_Directory_Listing&oldid=6481"