I have configured apache by add Options -Indexes to disable directory browser but how can I access resources from website: in my html file (website from host1) has image take from one another server apache (host2), so if I set Options -Indexes in apache (host2) to prevent directory browser then image in my html can't access,too. How to solve this?
Thanks!
Why would a web page, or anything else other than a human, need to access a directory listing? Options -Indexes only stops a directory listing from being generated, it does not prevent access to any of the resources.
Related
Have upgraded PHP 7.4 to to PHP 8.2.1 on mac osx, and for some reason, can not locate what is causing an issue with the .htaccess file having this code in it:
Options -Indexes -Multiviews
If I remove this code the site loads, but than shows all folders and files which is not desirable. Need site to load the index.php file that is being shown here, trying to hide this, but once this is in the .htaccess file, I'm getting the following error message:
Forbidden
You don't have permission to access this resource.
Is there something in PHP that needs to be set? I did change the php_module to point to PHP 8 in the httpd.conf file, so I don't understand what else might need to change to get my localhost loaded properly instead of showing files and folders?
BTW, this was working fine on PHP 7.4, but after updating, no longer works. Maybe I have to install other modules for 8.2.1 to work correctly?
If I switch back to using PHP 7.4 everything is loading fine on the site after restarting apache.
Need site to load the index.php file
You need to set the DirectoryIndex (mod_dir) - this defaults to index.html only (an Apache issue, not PHP). It is the DirectoryIndex that determines which file(s) Apache will try to serve when requesting a directory.
For example:
Options -Indexes -Multiviews
DirectoryIndex index.php
If a DirectoryIndex document (there can be more than 1) is not found... and mod_autoindex is disabled (ie. -Indexes) then you get a 403 Forbidden response. If mod_autoindex is enabled then you naturally see a directory listing. (If mod_autoindex is not installed at all then you get a 404 Not Found.)
mod_autoindex (ie. Indexes) is not enabled by default on Apache 2.4 (it is on Apache 2.2), however, it has likely been explicitly enabled elsewhere in the server config.
On my server, when I access the file http://example.com/file.php with the URL http://example.com/file, it still displays the correct file, although I have no .htaccess with any URL rewriting.
Can I rely on this to work across all (current) browsers?
You probably have mod_negotiation / Options +MultiViews in your httpd configuration. The kind of negotiation you describe shouldn't have any browser dependency.
I'm using Joomla 2.5 and Apache and I have followed this steps:
1- mod_rewrite module is eneabled? YES
2- htaccess.txt renamed to .htaccess
3- set "Use URL Rewriting" to YES.
And this is what I get:
Not Found
The requested URL /about-us was not found on this server.
The web is located in /var/www/
The .htaccess is located in /var/www/
And this is my .htaccess: http://pastebin.com/dq1TYs1t
Thanks for the help.
Since you said allowoverride was set to none, your .htaccess file will be ignored. You need to set allowoverride to all the other option is leave allowoverride at none, and take the contents of the .htaccess file and incorporate it into your apache configuration file. This has the benefit of being slightly faster as apache doesn't need to look in directory tree for .htaccess files (they are really good to allow users that don't have access to the configs the ability to override the base settings, but if you have access to /var/www you should also have access to make changes to the config files.
There is no need to enable any mod_rewrite module.
Need to enable URL rewriting option in global configuration. Also need to rename htaccess.txt file to .htaccess.
please check there is no any third party component of security like admin tools are enable or installed which is blocking this mod rewrite option.
This is so frustrating. My root directory is at home/websitename/websitename/ and my httpd.conf has nothing in it!
My .htaccess is in the same directory as the index.php is supposed to be and all I'm typing into .htaccess (and FTP identifies this as an HTACCESS file) is:
DirectoryIndex Home.php
The error message I get when trying to visit the site is a 403 forbidden to list the directories of "/"
the AllowOverride directive is set to All
Ok actually I made a dumb mistake.
Basically all the things one needs to check in order for the .htaccess to work are these:
Create a .htaccess file in the main directory. Make sure the .htaccess file is made in a file editor for ACSII. (notepad++, dev editor, NO Microsoft Word)
Make sure AllowOverride is set to All in the Apache configuration for your website. It should be under <directory>
Make sure to restart apache after making any changes to the Apache file!! Note that even though .htaccess does not require you to restart Apache, changing anything in the website configuration file requires you to restart Apache in order for it to function.
Lastly, your website should output a 500 Internal Apache Error if it is able to actually read the .htaccess file, NOT a 403: Access Forbidden or directory listing.
I have a .htaccess file & I currently I am working on localhost. For a 404 page error, I have the following code in the .htaccess file:
ErrorDocument 404 /my_local_domain/404.php
But when I upload this file to my website online, the functionality of the file breaks. It no longer shows the 404.php page. It works if I modify the code in the .htaccess file of my online website to the following:
ErrorDocument 404 /404.php
Now all through the changes that I do in the .htaccess file, I would have to remember to remove the domain name before I upload it to the website or I risk breaking the functionality. So with this in mind, here are my questions:
1. How do I solve the above problem without needing to edit the .htaccess file each time (by stripping it off the my_local_domain) I make a change & upload it online?
2. How do I setup 404 page redirection for all the nested folders? (I don't want to setup a .htaccess file for each of the folders. A single .htaccess file that resides in the root folder of the website & controls all the redirection for all the sub-folders would be awesome)
All help is appreciated.
Thank you.
I believe you have two different issues here.
First of all, you should not need to have different paths in development and live site. It appears that you've configured your local Apache to host only one site and each actual sites goes in a subdirectory. It's not a good idea: you'll soon be mixing cookies and sessions between all your dev sites. Have a look at the name based virtual hosts feature: you can configure as many independent sites as you need. You don't even have to buy real domains in you set them in the hosts file.
Secondly, under certain circumstances it can be useful to have different Apache directives. I've been using the following trick.
Pick a keyword for the dev server, e.g. DEV_BOX.
Pass that keyword to Apache in the -D parameter. If you run it as service, you can run regedit and find the HKLM\SYSTEM\CurrentControlSet\Services\Apache2.2\Parameters key. Append -D DEV_BOX to the ConfigArgs value. Restart Apache.
Now, you can use the <IfDefine> directive to set local directives:
-
#
# Common stuff
#
AddDefaultCharset UTF-8
#
# Local-only stuff
#
<IfDefine DEV_BOX>
Options +Indexes
</IfDefine>
#
# Live-only stuff
#
<IfDefine !DEV_BOX>
Options -Indexes
</IfDefine>
First of all I suggest you setup local domains for development. For example if you are developing a website which will go under www.example.com, you can setup a local.example.com in your HOSTS file. You'll do a VirtualHost setup in your apache and the .htaccess will then be the same.
Also, you can setup a build process (e.g via Ant) which will allow you to prepare and generate a zip file with the files which go on the live server. This build will feature the correct configuration files (db configs, mail servers, htaccess etc).