The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

prevent directory listing

Discussion in 'General Discussion' started by silvernetuk, Feb 18, 2003.

  1. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Hi,

    Is it possible to have a default option to prevent directory listing, if so how is this done ?

    It is to my understanding this can be set in httpd.conf

    I am on a RH 7.3, CPanel/WHM Server

    Regards,
    Garry
     
  2. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    You can put a .htaccess file in /home

    in it put

    Options -Indexes

    That will stop directory viewing when no index file is present.
     
  3. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Hi,

    so I make a .htaccess with the following in it
    Code:
    Options -Indexes
    then put it in /home

    Have I got it all correct ?

    Regards,
    Garry
     
  4. SprintSlash

    SprintSlash Well-Known Member

    Joined:
    Jan 18, 2003
    Messages:
    163
    Likes Received:
    0
    Trophy Points:
    16
    Yeah, but if you want to do that for every site on the server, then put that in httpd.conf
     
  5. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Hi,

    But I thought they was the idea of putting it in /home dir.

    Regards,
    Garry
     
  6. SprintSlash

    SprintSlash Well-Known Member

    Joined:
    Jan 18, 2003
    Messages:
    163
    Likes Received:
    0
    Trophy Points:
    16
    It depends on what you want to do.

    To prevent directory listing for one web site, put "Options -Indexes" in /home/user/.htaccess
    To prevent directory listing for ALL the web sites on the server or all the web site(s) on an IP, put "Options -Indexes" at the right place in /etc/httpd/conf/httpd.conf
     
  7. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Hi,

    Where is the right place in the httpd.conf

    Regards,
    Garry
     
  8. SprintSlash

    SprintSlash Well-Known Member

    Joined:
    Jan 18, 2003
    Messages:
    163
    Likes Received:
    0
    Trophy Points:
    16
    What do you want to do? Every web site on the server or just on one IP?
     
  9. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Hi,

    Every website on the server

    Regards,
    Garry
     
  10. SprintSlash

    SprintSlash Well-Known Member

    Joined:
    Jan 18, 2003
    Messages:
    163
    Likes Received:
    0
    Trophy Points:
    16
    You can put that after the "Options All" line.. ex:

    <Directory />
    Options All
    Options -Indexes
    AllowOverride All
    </Directory>
     
  11. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Hi,

    I been looking in the httpd.conf file and found this

    #
    # Each directory to which Apache has access, can be configured with respect
    # to which services and features are allowed and/or disabled in that
    # directory (and its subdirectories).
    #
    # First, we configure the "default" to be a very restrictive set of
    # permissions.
    #
    <Directory />
    Options All
    AllowOverride All
    </Directory>

    is this where I put it ?

    Regards,
    Garry
     
  12. awsol

    awsol cPanel Test Bitch

    Joined:
    Feb 8, 2002
    Messages:
    591
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Boston MA
    There is an option right in cPanel to do this. Just choose the folders and turn it on.
     
  13. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Hi,

    Is that the Index Manager ?

    Regard,
    Garry
     
  14. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    Should be:

    <Directory />
    Options All -Indexes
    AllowOverride All
    </Directory>

    This will give a 403 Forbidden msg. to anyone attempting to view a directory. So make sure a 403.shtml page is created -- cuts down on error log entries. ;)

    It is the "Index Manager" but only for that account. If you want "server-wide" than add the above to your httpd.conf file.
     
    #14 Website Rob, Feb 19, 2003
    Last edited: Feb 19, 2003
  15. awsol

    awsol cPanel Test Bitch

    Joined:
    Feb 8, 2002
    Messages:
    591
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Boston MA
    Sure is :)
     
  16. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Hi,

    It doesn't work for me and yes I type httpd restart in ssh

    Regards,
    Garry
     
  17. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Hi,

    It doesn't work for me and yes I type httpd restart in ssh

    Regards,
    Garry
     
  18. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Hi,

    But this Does Work :D, nice one David

    Regards,
    Garry
     
  19. eurorocco

    eurorocco Well-Known Member

    Joined:
    Jun 23, 2003
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
    In access.conf -Indexes to disable, then restart apache

    In /etc/httpd/conf/access.conf I have...

    <Directory />

    Options -Indexes FollowSymLinks ExecCGI Includes
    AllowOverride All

    order allow,deny
    allow from all

    </Directory>

    Even though in /etc/httpd/conf/httpd.conf I have

    <Directory />
    Options All
    AllowOverride All
    </Directory>

    I can effectively disable directory listings across the server.

    Hope it helps!

    ER

    PD: The normal thing is to get a "Forbidden" page when visiting a folder with no valid index.html, index.htm, etc.
     
  20. cullyn

    cullyn Registered

    Joined:
    Jul 29, 2008
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Did the trick for me, thanks!
     
Loading...

Share This Page