Difference between revisions of "Htaccess: Prevent Directory Listing"

From The Uniform Server Wiki
Jump to navigation Jump to search
(Moved to new category; Additional grammar and cleanup edits.)
 
Line 2: Line 2:
 
<div style="padding:0;margin:0; border-bottom:3px inset #000000">
 
<div style="padding:0;margin:0; border-bottom:3px inset #000000">
 
{|  
 
{|  
|[[Image:uc_small_logo.gif | MPG UniCenter]] ||
+
 
 
.htaccess:  
 
.htaccess:  
 
[[Htaccess: Introduction | Introduction]] |   
 
[[Htaccess: Introduction | Introduction]] |   
Line 18: Line 18:
 
'''.htaccess''' - ''Apache directory-level configuration file''
 
'''.htaccess''' - ''Apache directory-level configuration file''
 
|}
 
|}
'''Prevent Folder (Directory) listing'''
+
'''Prevent Directory (Folder) Listing'''
 
 
Sometimes I use the term folder and at other times directory; these are interchangeable and mean the same thing, so forgive me when I do this.
 
  
If you have read the [[Htaccess: Site error documents | Site error documents page]], you will have created a folder named '''error'''. Type the following into your browser address bar: '''<nowiki>http://localhost/errors/</nowiki>''' and you will be greeted with a full listing of its content (folders and files).
+
If you have read the [[Htaccess: Site error documents | Site error documents page]], you will have created a directory named '''error'''. Type the following into your browser address bar: '''<nowiki>http://localhost/errors/</nowiki>''' and you will be greeted with a full listing of its content (directories and files).
  
Try it on any folder that does not contain one of the following pages:
+
Try it on any directory that does not contain one of the following pages:
 
:* index.html, index.shtml, index.html.var
 
:* index.html, index.shtml, index.html.var
 
:* index.htm, index.php3, index.php
 
:* index.htm, index.php3, index.php
 
:* index.pl, index.cgi
 
:* index.pl, index.cgi
and you will receive a listing of its contents, as would anyone on the internet.
+
and you will receive a listing of its contents, as would anyone on the Internet.
  
This may not be a desirable response. The following shows you how to prevent this listing.
+
While this may be useful in some cases, this is not a desirable response for security reasons. The following shows you how to prevent this listing.
  
 
== .htaccess commands ==
 
== .htaccess commands ==
Line 52: Line 50:
  
 
== Personalise index page listings ==
 
== Personalise index page listings ==
If you are not going to prevent folder listings, consider personalising the page displayed.   
+
If you are not going to prevent directory listings, consider personalising the page displayed.   
  
You can personalise the index pages listed by adding a header and footer. This requires either one of two files placed in the folder with the .htaccess file as follows:
+
You can personalise the index pages listed by adding a header and footer. This requires either one of two files placed in the directory with the .htaccess file as follows:
  
 
{|cellpadding="4" cellspacing="4"
 
{|cellpadding="4" cellspacing="4"
Line 73: Line 71:
 
'''README.html'''
 
'''README.html'''
 
|
 
|
Again this is a text file that uses any regular HTML tag, for example:
+
Again this is a text file that uses any regular HTML tag; for example:
  
 
'''<nowiki><h1>More Power of .htaccess</h1>'''</nowiki><br>
 
'''<nowiki><h1>More Power of .htaccess</h1>'''</nowiki><br>
Line 84: Line 82:
 
----
 
----
  
[[Category: Support]]
+
[[Category: Apache Configuration]]
[[Category: Application]]
 
[[Category: Development]]
 

Latest revision as of 11:12, 21 June 2013

.htaccess: Introduction | Site error documents | Prevent Directory Listing | Redirect | Preventing hot linking |

.htaccess - Apache directory-level configuration file

Prevent Directory (Folder) Listing

If you have read the Site error documents page, you will have created a directory named error. Type the following into your browser address bar: http://localhost/errors/ and you will be greeted with a full listing of its content (directories and files).

Try it on any directory that does not contain one of the following pages:

  • index.html, index.shtml, index.html.var
  • index.htm, index.php3, index.php
  • index.pl, index.cgi

and you will receive a listing of its contents, as would anyone on the Internet.

While this may be useful in some cases, this is not a desirable response for security reasons. The following shows you how to prevent this listing.

.htaccess commands

There is only a single command to learn:

Command Comment

IndexIgnore *

This prevents listing of all the files; the * is a wildcard that matches all files

IndexIgnore *.gif *.jpg 

You can be selective and state the file types you do not want listed. Again the wildcard matches all files; in this example all gif and jpg image files are targeted and will not be displayed, while all others will be displayed.

Personalise index page listings

If you are not going to prevent directory listings, consider personalising the page displayed.

You can personalise the index pages listed by adding a header and footer. This requires either one of two files placed in the directory with the .htaccess file as follows:

File name Comment

HEADER.html

This is just a text file containing something like this:

<h1>Power of .htaccess</h1>

Note: You can insert any regular HTML tag. These are not complete HTML pages, just snippets that are included.

README.html

Again this is a text file that uses any regular HTML tag; for example:

<h1>More Power of .htaccess</h1>'''
<p>Why the name README and not FOOTER, I have no idea</p>

Note: You can insert any regular HTML tag. These are not complete HTML pages, just snippets that are included.