Dumb Apache Question:
I have an Apache server running for internal testing on a G3, which is running OS X 10.1.4 (not the "Server" version). My question:
I can't seem to find the setting to disable "list view" in my httpd config files. In other words, I dont want users to see directories at all, only files. (i.e.; if a surfer types "www.mysite.com/", they will see my default index page, and NOT see a list view of the directory structure)
I know that this must be a small boolean value I can just "turn off", but where the heck is it?
Thanks!
OS X is turning me into a UNIX geek, slowly but surely! I kinda like it!
I can't seem to find the setting to disable "list view" in my httpd config files. In other words, I dont want users to see directories at all, only files. (i.e.; if a surfer types "www.mysite.com/", they will see my default index page, and NOT see a list view of the directory structure)
I know that this must be a small boolean value I can just "turn off", but where the heck is it?
Thanks!
OS X is turning me into a UNIX geek, slowly but surely! I kinda like it!
Comments
in your /private/etc/httpd.conf file, look for your <Directory "XXX"> that's the main site's directory. (Or any subdirectories you have also explicitly stated)
Under Options here, you'll see Indexes.
That's what you'll want to erase. Once you do, people will get a 403 Forbidden message if they try and get around your index.html file and view a directory listing.
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
So what do I replace "FollowSymLinks" and "None" with exactly?
(OK, time to get off my a$$ and get that fat Apache book already!!)
<strong>Thanks! Here is my default http values:
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
So what do I replace "FollowSymLinks" and "None" with exactly?
(OK, time to get off my a$$ and get that fat Apache book already!!)</strong><hr></blockquote>
Wrong section. You need to go further down and replace
[code]
<Directory "/Library/WebServer/Documents">
#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
Options Indexes FollowSymLinks MultiViews
#
</pre><hr></blockquote>
delete the word "Indexes".
dstranathan,
I am pretty sure the other guy answered your question but here is another slant on the situation - if you want the users to be forced to see a particular page i.e. when they hit <a href="http://www.norse.com"; target="_blank">www.norse.com</a> it pulls up your welcome.html you can use this number:
DirectoryIndex welcome.html
DirectoryIndex can go anywhere inside <Directory> tags.. And the names after Index can be anything on earth: norse.htm norse.php blah blah...
Might not have address your real problem but heck it's good to know...
Now that users get an http error page when they try and hit my "hidden" dir's, This was my goal-thanks.
When they get the error, each error page also has a footer text string that shows the server's IP/DNS name and what version of Apache I'm running. Is there a way to turn this off? I don't want to echo my Apache version to the world if possible. Maybe I am too worried about security. Or maybe I like to tweek too much!
Thanks!
[code]
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (error documents, FTP directory listings,
# mod_status and mod_info output etc., but not CGI generated documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature On
</pre><hr></blockquote>
Set serversignature to Off and see what happens. HTH.
Thanks again guys!
Whoo-Hoo, now I'm an "undercover brother"