Unused apache directory is indexable - apache

On my Joomla 3 site (in case that's relevant), the directory /manual/images is index-able, even though it doesn't exist (there is no /manual folder in my document root). The images that are linked to it are from apache (favicons, apache logo, etc).
I've gone through the apache conf and htaccess files and set "Options -Indexes", and I've also tried removing "Indexes" from the Options entirely, with no result.
I've also tried creating the /manual/images directory and putting a .htaccess file with a deny all, but that had no impact either.
Is there a way to remove this phantom apache directory, or make it non index-able?

Try adding this rule as the very first rule in your root .htaccess (just below the RewriteEngine On line):
RewriteRule ^manual/images - [F,NC]

Find /etc/apache2/conf-available/apache2-doc.conf and edit these lines like this:
#Alias /manual /usr/share/doc/apache2-doc/manual/
#<Directory "/usr/share/doc/apache2-doc/manual/">
# Options Indexes FollowSymlinks
# AllowOverride None
# Require all granted
# AddDefaultCharset off
#</Directory>
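
A check for the situation in this question, where a packaged Alias serves a directory from outside the document root with Indexes enabled. This is an added example, not code from the answers; the sample files, paths and function names are constructed for illustration.

```python
import re

# Constructed sample of a Debian-style layout (file names and paths are illustrative).
SAMPLE = {
    "sites-enabled/000-default.conf": """
DocumentRoot /var/www/html
<Directory /var/www/html>
    Options -Indexes +FollowSymLinks
</Directory>
""",
    "conf-enabled/apache2-doc.conf": """
Alias /manual /usr/share/doc/apache2-doc/manual/
<Directory "/usr/share/doc/apache2-doc/manual/">
    Options Indexes FollowSymlinks
</Directory>
""",
}

def audit(configs):
    """Return (docroot, aliases, index_dirs) for a {file name: config text} mapping."""
    docroot, aliases, index_dirs = None, [], []
    for name, text in configs.items():
        current = None  # path of the <Directory> block being read, if any
        for line in map(str.strip, text.splitlines()):
            if not line or line.startswith("#"):
                continue  # commented-out directives are inactive
            if m := re.match(r'(?i)<Directory\s+"?([^">]+)"?\s*>', line):
                current = m.group(1)
            elif re.match(r"(?i)</Directory>", line):
                current = None
            elif m := re.match(r'(?i)DocumentRoot\s+"?([^"\s]+)', line):
                docroot = m.group(1)
            elif m := re.match(r'(?i)Alias\s+(\S+)\s+"?([^"\s]+)', line):
                aliases.append((name, m.group(1), m.group(2)))
            elif current and (m := re.match(r"(?i)Options\s+(.*)", line)):
                opts = {o.lower() for o in m.group(1).split()}
                if opts & {"indexes", "+indexes", "all"}:
                    index_dirs.append((name, current))
    return docroot, aliases, index_dirs

def outside_docroot(docroot, aliases):
    """Aliases whose target lies outside DocumentRoot; a .htaccess under the
    document root is not on the file-system path of these URLs."""
    root = docroot.rstrip("/") + "/"
    return [a for a in aliases if not (a[2].rstrip("/") + "/").startswith(root)]

if __name__ == "__main__":
    docroot, aliases, index_dirs = audit(SAMPLE)
    print(outside_docroot(docroot, aliases), index_dirs)
```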

Related

Apache - disable single option override

How do I disable single option override in specific folder in Apache? I'd like to force DirectoryIndex value in specific folder, so DirectoryIndex option in .htaccess of that folder will be ignored. I'd expect configuration should look somehow similar, but neither works:
<Directory "/home/me/www/symfonyProject1">
DirectoryIndex app_dev.php
AllowOverride -Indexes
</Directory>
or this
<Directory "/home/me/www/symfonyProject1">
DirectoryIndex app_dev.php
AllowOverride Options=-DirectoryIndex
</Directory>
Is this even possible? How could I achieve that?
Using: Apache/2.2.8 (Win32) & Windows 7 x64
The only possibility, even though it is definitely not kosher, is to let .htaccess be ignored by the versioning system locally. Then you can change it as you wish to adapt your instance.
In case you need to change the original .htaccess, you must do the following (for GIT):
backup your modified .htaccess file
Comment out line .htaccess in file .git/info/exclude
do git checkout -- .htaccess to retrieve original file
modify and commit changes
Uncomment .htaccess line in .git/info/exclude
Copy modified .htaccess from backup to working tree
I did not get this working with the <Directory> tag in httpd.conf but it was working if I did the following:
In /home/me/www/symfonyProject1 create a .htaccess file and put DirectoryIndex app_dev.php in it.
This should work as long as you AllowOverride All (Or more narrow if needed) in the parent configuration.

Apache Windows httpd.conf AccessFileName problem

I am using Apache 2.2.17 for Windows. To set up .htaccess file, when I was going through httpd.conf file, I was not able to find the word called “AccessFileName”. I believe there should be a line like this: AccessFileName .htaccess. How can I solve this?
Here is the httpd.conf file.
The AccessFileName .htaccess is default. If it is not present, that is what it's using. If you would like to use a different filename, you can add the line in and replace .htaccess accordingly.
I solved it by changing AllowOverride None to AllowOverride All inside <Directory>
As you can read here
It says:
While processing a request the server looks for the first existing configuration file from this list of names in every directory of the path to the document, if distributed configuration files are enabled for that directory. For example:
AccessFileName .acl
before returning the document /usr/local/web/index.html, the server will read /.acl, /usr/.acl, /usr/local/.acl and /usr/local/web/.acl for directives, unless they have been disabled with
<Directory>
AllowOverride None
</Directory>

Set directory index to .html file in Apache2

I have a Debian web-server with Apache2 installed and need to set DirectoryIndex in one directory to a .html file (exactly this name - .html). But when I try to open the page from a browser, it sends a 403 error.
I've changed apache2.conf (set to allow .ht files), I placed a .htaccess file in the directory and set in it:
DirectoryIndex .html index.php index.html
AllowOverride All
Order Deny,Allow
Allow from all
But it still does not work and displays a 403 error. What am I doing wrong, and what did I forget to do?
The correct answer is:
<FilesMatch "^\.html">
Order deny,allow
</FilesMatch>
DirectoryIndex .html
Sounds like you have a rule somewhere in your apache file that denies access to files starting with a .. This is generally a Good Thing, as a lot of sensitive files start with dots (i.e. .htaccess, .svn, .git, .htpasswd, etc etc).
You might be able to get around the issue with something like this:
<FilesMatch "^\.html">
Order allow,deny
Allow from all
</FilesMatch>
Disclaimer: This seems like a hack. I don't know what you're trying to do, but there's probably a cleaner, less error prone way to do it.

Forbid access to all directories except one using .htaccess

I'm wondering how to forbid access to all directories except one using a .htaccess file.
The construction like
<Directory />
Order Deny,Allow
Deny from all
</Directory>
<Directory /folder>
Order Deny,Allow
Allow from all
</Directory>
raises Error 500. It can be put only in apache conf file, right? Or I'm doing something wrong?
The Directory directive may not be used in a .htaccess file (see the Context section of the Directory docs). From within a .htaccess file you can use Files or FilesMatch as a section container, or mod_rewrite. Assuming you're allowed to use mod_rewrite (and you have a good reason for using a .htaccess file in the first place, like say, you're not the server admin):
RewriteEngine On
RewriteRule !folder - [F]
In principle this answers your question. It's more likely though that your situation is more complicated than you're letting on.
http://httpd.apache.org/docs/2.2/mod/core.html#directory
http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewriterule
http://httpd.apache.org/docs/2.2/sections.html
BTW, this question probably belongs on serverfault.com

How do I disable directory browsing?

I want to disable directory browsing of /galerias folder and all subdirectories
Index of /galerias/409
* Parent Directory
* i1269372986681.jpg
* i1269372986682.jpg
* i1269372988680.jpg
Create an .htaccess file containing the following line:
Options -Indexes
That is one option. Another option is editing your apache configuration file.
In order to do so, you first need to open it with the command:
vim /etc/httpd/conf/httpd.conf
Then find the line: Options Indexes FollowSymLinks
Change that line to: Options FollowSymLinks
Lastly save and exit the file, and restart apache server with this command:
sudo service httpd restart
(You have a guide with screenshots here.)
The best way to do this is to disable it in the apache2 web server. On my Ubuntu 14.X, open /etc/apache2/apache2.conf and change from
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
to
<Directory /var/www/>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
then restart apache by:
sudo service apache2 reload
This will disable directory listing for all folders that apache2 serves.
Apart from the aforementioned two methods (edit /etc/apache2/apache2.conf or add Options -Indexes in .htaccess file), here is another one
a2dismod autoindex
Restart the apache2 server afterwards
sudo service apache2 restart
Edit/Create an .htaccess file inside /galerias with this:
Options -Indexes
Directory browsing is provided by the mod_autoindex module.
You can place an empty file called index.html into each directory that you don't want listed. This has several advantages:
It (usually) requires zero configuration on the server.
It will keep working, even if the server administrator decides to use "AllowOverride None" in the server configuration. (If you use .htaccess files, this can lead to lots of "Error 500 - internal server error" messages for your users!).
It also allows you to move your files from one server to the next, again without having to mess with the apache configuration.
Theoretically, the autoindexing might be triggered by a different file (this is controlled by the DirectoryIndex option), but I have yet to encounter this in the real world.
One of the important things in setting up a secure apache web server is to disable directory browsing. By default apache comes with this feature enabled but it is always a good idea to get it disabled unless you really need it.
Open httpd.conf file in apache folder and find the line that looks as follows:
Options Includes Indexes FollowSymLinks MultiViews
Then remove the word Indexes and save the file. Restart apache. That's it.
If you choose to modify your httpd.conf file to solve this and you have multiple Options directives, then you must add a - or a + before each directive. Example:
Options -Indexes +FollowSymLinks
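
A simplified model of how httpd combines successive Options directives, showing why a signed -Indexes adjusts the inherited set while an unsigned list replaces it. This is an added example, not code from any answer; the function names are hypothetical and the model starts from an empty option set for simplicity.

```python
# Option names accepted by the Options directive ("All" and "None" are handled below).
KNOWN = {"execcgi", "followsymlinks", "includes", "includesnoexec",
         "indexes", "multiviews", "symlinksifownermatch"}

def expand(name):
    """Map one option keyword to the set of options it stands for."""
    if name == "all":
        return KNOWN - {"multiviews"}  # All is everything except MultiViews
    if name == "none":
        return set()
    if name not in KNOWN:
        raise ValueError(f"unknown option {name!r}")
    return {name}

def apply_options(inherited, args):
    """Apply one Options directive (its argument string) to the inherited set."""
    tokens = args.split()
    signed = [t[0] in "+-" for t in tokens]
    if any(signed) and not all(signed):
        # httpd 2.4 rejects a mixed list at startup.
        raise ValueError("either all Options must start with + or -, or none may")
    # Signed lists adjust what was inherited; an unsigned list replaces it.
    result = set(inherited) if tokens and all(signed) else set()
    for t in tokens:
        names = expand(t.lstrip("+-").lower())
        result = result - names if t[0] == "-" else result | names
    return result

def effective(layers):
    """Fold directives from the outermost section to the innermost one."""
    opts = set()
    for args in layers:
        opts = apply_options(opts, args)
    return opts

if __name__ == "__main__":
    # Constructed layers: a server-wide block, then a more specific section.
    print(effective(["Indexes FollowSymLinks", "-Indexes"]))
    print(effective(["-Indexes +FollowSymLinks", "Indexes FollowSymlinks"]))
```

The second call shows a more specific section with an unsigned list turning Indexes back on even though the outer section removed it.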
This is not an answer, just my experience:
On my Ubuntu 12.04 apache2, didn't find Indexes in either apache2.conf or httpd.conf, luckily I found it in sites-available/default. After removing it, now it doesn't see directory listing. May have to do it for sites-available/default-ssl.
To complete #GauravKachhadiya's answer :
IndexIgnore *.jpg
means "hide only .jpg extension files from indexing".
IndexIgnore directive uses wildcard expression to match against directories and files.
A star character matches any characters in a string, e.g. foo or foo.extension. In the following example, we are going to turn off the directory listing; no files or dirs will appear in the index:
IndexIgnore *
Or if you want to hide specific files in the directory listing, then we can use
IndexIgnore *.php
*.php => matches a string that starts with any char and ends with .php
The example above hides all files that end with .php
Open Your .htaccess file and enter the following code in
Options -Indexes
Make sure you hit the ENTER key (or RETURN key if you use a Mac) after entering the "Options -Indexes" words so that the file ends with a blank line.
Add this in your .htaccess file:
Options -Indexes
If it does not work for any reason, try this within your .htaccess file:
IndexIgnore *
Try this in .htaccess:
IndexIgnore *.jpg
In Directory Section ( /etc/httpd/httpd.conf)
Remove Line - Options Indexes FollowSymLinks
New Line - Options FollowSymLinks
I found another way of doing this with virtual hosts:
<VirtualHost *:80>
DocumentRoot C:/WAMP/Apache24/htdocs/
ServerName vehiclesspares.com
<Directory C:/WAMP/Apache24/htdocs/vehiclesspares.com>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
This worked for me on Apache 2.4.54 on my local windows machine with the host file (C:\Windows\System32\drivers\etc\hosts) containing the line:
127.0.0.1 vehiclesspares.com
This configuration also had vehiclesspares.com under the docroot: C:\WAMP\Apache24\htdocs\vehiclesspares.com