How to prevent a file listing?

Discussion in 'HTML' started by paul, Aug 23, 2005.

  1. paul

    paul Guest

    Hi,

    If I have a website with an 'images' folder then someone can navigate to the
    folder with their browser and automatically a file listing appears, how can
    I prevent that?

    Thanks,

    Paul
    paul, Aug 23, 2005
    #1
    1. Advertising

  2. paul

    Mark Parnell Guest

    Previously in alt.html, paul <> said:

    > If I have a website with an 'images' folder then someone can navigate to the
    > folder with their browser and automatically a file listing appears, how can
    > I prevent that?


    In the configuration on the server. If it's Apache, and you don't have
    access to the main configuration file (usually httpd.conf), you may be
    able to do it in your .htaccess file by adding the following line:

    Options -Indexes

    --
    Mark Parnell
    http://www.clarkecomputers.com.au
    alt.html FAQ :: http://html-faq.com/
    Mark Parnell, Aug 23, 2005
    #2
    1. Advertising

  3. paul

    Greg N. Guest

    paul wrote:
    > automatically a file listing appears, how can
    > I prevent that?


    Put a file named index.html in there.


    --
    Gregor's Motorradreisen:
    http://hothaus.de/greg-tour/
    Greg N., Aug 23, 2005
    #3
  4. paul

    CptDondo Guest

    paul wrote:
    > Hi,
    >
    > If I have a website with an 'images' folder then someone can navigate to the
    > folder with their browser and automatically a file listing appears, how can
    > I prevent that?


    You can also allow only browsers that identify themselves as being
    referred by your site. if you run apache, put something like this in
    the .htaccess file in the images directory. Note that this kind of
    security is easily circumvented; it will prevent a casual browser from
    accessing images but the referer is easily forged by anyone who is
    determined....

    This will also break some browsers. I've also found that the -Indexes
    option breaks IE for some weird reason.... So I had to turn in back on....

    Options +FollowSymlinks
    Options +SymlinksIfOwnerMatch
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http://www.xxxxxxx.com/.*$ [NC]
    RewriteRule .*\.(jpg)$ - [F,L]
    Options +Indexes
    CptDondo, Aug 23, 2005
    #4
  5. paul

    Toby Inkster Guest

    CptDondo wrote:

    > I've also found that the -Indexes option breaks IE for some weird
    > reason....


    You must have been mistaken/drunk/stupid that day. Turning off Directory
    indexes effects all browsers equally.

    --
    Toby A Inkster BSc (Hons) ARCS
    Contact Me ~ http://tobyinkster.co.uk/contact
    Toby Inkster, Aug 23, 2005
    #5
  6. paul

    CptDondo Guest

    Toby Inkster wrote:
    > CptDondo wrote:
    >
    >
    >>I've also found that the -Indexes option breaks IE for some weird
    >>reason....

    >
    >
    > You must have been mistaken/drunk/stupid that day. Turning off Directory
    > indexes effects all browsers equally.
    >


    That's what I would have thought.... But one person with Japanese WinXP
    and IE kept getting permission denied errors until I turned it back
    on.... Worked fine on my Linux/Firefox workstation.... Maybe I'll do a
    bit of testing once I get back on a WinXP box...
    CptDondo, Aug 23, 2005
    #6
  7. paul

    dorayme Guest

    > From: "Greg N." <>
    > paul wrote:
    >> automatically a file listing appears, how can
    >> I prevent that?

    >
    > Put a file named index.html in there.



    What a good idea!
    dorayme, Aug 23, 2005
    #7
  8. CptDondo wrote:

    > Toby Inkster wrote:
    >
    >> CptDondo wrote:
    >>
    >>
    >>> I've also found that the -Indexes option breaks IE for some weird
    >>> reason....

    >>
    >>
    >>
    >> You must have been mistaken/drunk/stupid that day. Turning off Directory
    >> indexes effects all browsers equally.
    >>

    >
    > That's what I would have thought.... But one person with Japanese WinXP
    > and IE kept getting permission denied errors until I turned it back
    > on.... Worked fine on my Linux/Firefox workstation.... Maybe I'll do a
    > bit of testing once I get back on a WinXP box...


    If indexes are off then they SHOULD get a 403 Forbidden error on any
    request to a site's sub directory without either a request explicitly
    for an *existing* document in that directory or a default *index*
    document. 403 error is generated bay the server, the browser has nothing
    to do with it!

    If the OP does not have access to the server configuration to turn off
    indexes or and .htaccess to do the same then as previously suggested a
    very simple solution is to put a index.html file in such folders with
    warning message about improper access and a link back to your html
    documents....

    --
    Take care,

    Jonathan
    -------------------
    LITTLE WORKS STUDIO
    http://www.LittleWorksStudio.com
    Jonathan N. Little, Aug 25, 2005
    #8
  9. Jonathan N. Little wrote:

    > If indexes are off then they SHOULD get a 403 Forbidden error on any
    > request to a site's sub directory without either a request explicitly
    > for an *existing* document in that directory or a default *index*
    > document. 403 error is generated bay the server, the browser has nothing
    > to do with it!
    >
    > If the OP does not have access to the server configuration to turn off
    > indexes or and .htaccess to do the same then as previously suggested a
    > very simple solution is to put a index.html file in such folders with
    > warning message about improper access and a link back to your html
    > documents....
    >


    Maybe my recollection is wrong... But I remember it was a stumper... I
    am using ModRewrite and there may have been some other things in there
    that screwed it up...
    Captain Dondo, Aug 25, 2005
    #9
  10. Captain Dondo wrote:
    <snip>
    > Maybe my recollection is wrong... But I remember it was a stumper... I
    > am using ModRewrite and there may have been some other things in there
    > that screwed it up...


    That may be so, but since the this is done at the server-side all
    browsers would receive the same error message, unless some conditional
    base upon the user-agent...

    Still the simplest is on server end turning off indexes: -Indexes in
    [directory|virtual host|.htaccess]

    or

    adding an index.html doc in folders to prevent listing...

    --
    Take care,

    Jonathan
    -------------------
    LITTLE WORKS STUDIO
    http://www.LittleWorksStudio.com
    Jonathan N. Little, Aug 25, 2005
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?RGVhc3Vu?=
    Replies:
    1
    Views:
    342
    Karl Seguin
    Jul 12, 2005
  2. Ferman
    Replies:
    4
    Views:
    477
    Roedy Green
    Aug 13, 2003
  3. Leif K-Brooks
    Replies:
    6
    Views:
    725
    Guest
    Dec 16, 2003
  4. Dave Kuhlman

    ANN: zip-ls -- Zip file listing program

    Dave Kuhlman, Jul 19, 2003, in forum: Python
    Replies:
    0
    Views:
    394
    Dave Kuhlman
    Jul 19, 2003
  5. Ian Sparks

    Listing functions in a file IN ORDER

    Ian Sparks, Jun 29, 2004, in forum: Python
    Replies:
    6
    Views:
    283
    Scott David Daniels
    Jul 2, 2004
Loading...

Share This Page