Difference between revisions of "Htaccess: Prevent Directory Listing"

From The Uniform Server Wiki
Jump to navigation Jump to search
(Punctuation and grammatical changes; some clarification.)
Line 22: Line 22:
 
Sometimes I use the term folder and at other times directory; these are interchangeable and mean the same thing, so forgive me when I do this.
 
Sometimes I use the term folder and at other times directory; these are interchangeable and mean the same thing, so forgive me when I do this.
  
If you have read the [Htaccess: Site error documents | site error documents page]] you will have created a folder named '''error'''. Type the following into your browser address bar: '''<nowiki>http://localhost/errors/</nowiki>''' and you will be greeted with a full listing of its content (folders and files).
+
If you have read the [[Htaccess: Site error documents | Site error documents page]], you will have created a folder named '''error'''. Type the following into your browser address bar: '''<nowiki>http://localhost/errors/</nowiki>''' and you will be greeted with a full listing of its content (folders and files).
  
 
Try it on any folder that does not contain one of the following pages:
 
Try it on any folder that does not contain one of the following pages:
Line 30: Line 30:
 
and you will receive a listing of its contents, as would anyone on the internet.
 
and you will receive a listing of its contents, as would anyone on the internet.
  
You may not find this a desirable response. This page shows you how to prevent this listing.
+
This may not be a desirable response. The following shows you how to prevent this listing.
  
== htaccess commands ==
+
== .htaccess commands ==
 
There is only a single command to learn:
 
There is only a single command to learn:
  
Line 75: Line 75:
 
Again this is a text file that uses any regular HTML tag, for example:
 
Again this is a text file that uses any regular HTML tag, for example:
  
'''<nowiki><h1>More Power of htaccess</h1>'''</nowiki><br>
+
'''<nowiki><h1>More Power of .htaccess</h1>'''</nowiki><br>
 
'''<nowiki><p>Why the name README and not FOOTER, I have no idea</p></nowiki>'''
 
'''<nowiki><p>Why the name README and not FOOTER, I have no idea</p></nowiki>'''
  

Revision as of 13:58, 9 September 2011

MPG UniCenter

.htaccess: Introduction | Site error documents | Prevent Directory Listing | Redirect | Preventing hot linking |

.htaccess - Apache directory-level configuration file

Prevent Folder (Directory) listing

Sometimes I use the term folder and at other times directory; these are interchangeable and mean the same thing, so forgive me when I do this.

If you have read the Site error documents page, you will have created a folder named error. Type the following into your browser address bar: http://localhost/errors/ and you will be greeted with a full listing of its content (folders and files).

Try it on any folder that does not contain one of the following pages:

  • index.html, index.shtml, index.html.var
  • index.htm, index.php3, index.php
  • index.pl, index.cgi

and you will receive a listing of its contents, as would anyone on the internet.

This may not be a desirable response. The following shows you how to prevent this listing.

.htaccess commands

There is only a single command to learn:

Command Comment

IndexIgnore *

This prevents listing of all the files; the * is a wildcard that matches all files

IndexIgnore *.gif *.jpg 

You can be selective and state the file types you do not want listed. Again the wildcard matches all files; in this example all gif and jpg image files are targeted and will not be displayed, while all others will be displayed.

Personalise index page listings

If you are not going to prevent folder listings, consider personalising the page displayed.

You can personalise the index pages listed by adding a header and footer. This requires either one of two files placed in the folder with the .htaccess file as follows:

File name Comment

HEADER.html

This is just a text file containing something like this:

<h1>Power of .htaccess</h1>

Note: You can insert any regular HTML tag. These are not complete HTML pages, just snippets that are included.

README.html

Again this is a text file that uses any regular HTML tag, for example:

<h1>More Power of .htaccess</h1>'''
<p>Why the name README and not FOOTER, I have no idea</p>

Note: You can insert any regular HTML tag. These are not complete HTML pages, just snippets that are included.