Htaccess: Prevent Directory Listing: Difference between revisions
(Punctuation and grammatical changes; some clarification.) |
(Moved to new category; Additional grammar and cleanup edits.) |
||
(One intermediate revision by the same user not shown) | |||
Line 2: | Line 2: | ||
<div style="padding:0;margin:0; border-bottom:3px inset #000000"> | <div style="padding:0;margin:0; border-bottom:3px inset #000000"> | ||
{| | {| | ||
.htaccess: | .htaccess: | ||
[[Htaccess: Introduction | Introduction]] | | [[Htaccess: Introduction | Introduction]] | | ||
Line 18: | Line 18: | ||
'''.htaccess''' - ''Apache directory-level configuration file'' | '''.htaccess''' - ''Apache directory-level configuration file'' | ||
|} | |} | ||
'''Prevent Folder | '''Prevent Directory (Folder) Listing''' | ||
If you have read the [Htaccess: Site error documents | | If you have read the [[Htaccess: Site error documents | Site error documents page]], you will have created a directory named '''error'''. Type the following into your browser address bar: '''<nowiki>http://localhost/errors/</nowiki>''' and you will be greeted with a full listing of its content (directories and files). | ||
Try it on any | Try it on any directory that does not contain one of the following pages: | ||
:* index.html, index.shtml, index.html.var | :* index.html, index.shtml, index.html.var | ||
:* index.htm, index.php3, index.php | :* index.htm, index.php3, index.php | ||
:* index.pl, index.cgi | :* index.pl, index.cgi | ||
and you will receive a listing of its contents, as would anyone on the | and you will receive a listing of its contents, as would anyone on the Internet. | ||
While this may be useful in some cases, this is not a desirable response for security reasons. The following shows you how to prevent this listing. | |||
== htaccess commands == | == .htaccess commands == | ||
There is only a single command to learn: | There is only a single command to learn: | ||
Line 52: | Line 50: | ||
== Personalise index page listings == | == Personalise index page listings == | ||
If you are not going to prevent | If you are not going to prevent directory listings, consider personalising the page displayed. | ||
You can personalise the index pages listed by adding a header and footer. This requires either one of two files placed in the | You can personalise the index pages listed by adding a header and footer. This requires either one of two files placed in the directory with the .htaccess file as follows: | ||
{|cellpadding="4" cellspacing="4" | {|cellpadding="4" cellspacing="4" | ||
Line 73: | Line 71: | ||
'''README.html''' | '''README.html''' | ||
| | | | ||
Again this is a text file that uses any regular HTML tag | Again this is a text file that uses any regular HTML tag; for example: | ||
'''<nowiki><h1>More Power of htaccess</h1>'''</nowiki><br> | '''<nowiki><h1>More Power of .htaccess</h1>'''</nowiki><br> | ||
'''<nowiki><p>Why the name README and not FOOTER, I have no idea</p></nowiki>''' | '''<nowiki><p>Why the name README and not FOOTER, I have no idea</p></nowiki>''' | ||
Line 84: | Line 82: | ||
---- | ---- | ||
[[Category: | [[Category: Apache Configuration]] | ||
Latest revision as of 11:12, 21 June 2013
.htaccess - Apache directory-level configuration file |
Prevent Directory (Folder) Listing
If you have read the Site error documents page, you will have created a directory named error. Type the following into your browser address bar: http://localhost/errors/ and you will be greeted with a full listing of its content (directories and files).
Try it on any directory that does not contain one of the following pages:
- index.html, index.shtml, index.html.var
- index.htm, index.php3, index.php
- index.pl, index.cgi
and you will receive a listing of its contents, as would anyone on the Internet.
While this may be useful in some cases, this is not a desirable response for security reasons. The following shows you how to prevent this listing.
.htaccess commands
There is only a single command to learn:
Command | Comment |
---|---|
IndexIgnore * |
This prevents listing of all the files; the * is a wildcard that matches all files |
IndexIgnore *.gif *.jpg |
You can be selective and state the file types you do not want listed. Again the wildcard matches all files; in this example all gif and jpg image files are targeted and will not be displayed, while all others will be displayed. |
Personalise index page listings
If you are not going to prevent directory listings, consider personalising the page displayed.
You can personalise the index pages listed by adding a header and footer. This requires either one of two files placed in the directory with the .htaccess file as follows:
File name | Comment |
---|---|
HEADER.html |
This is just a text file containing something like this: <h1>Power of .htaccess</h1> Note: You can insert any regular HTML tag. These are not complete HTML pages, just snippets that are included. |
README.html |
Again this is a text file that uses any regular HTML tag; for example: <h1>More Power of .htaccess</h1>''' Note: You can insert any regular HTML tag. These are not complete HTML pages, just snippets that are included. |