Styling and Alternatives to Options +Indexes .htaccess - apache

I'm getting tired of looking at my files.
It seems like there aren't many options to modifying the look of Apache's Options +Indexes .htaccess layout without having root access to the server. It also seems like you can't browse directories and subdirectories safely through 1 PHP file in the root in a similar fashion (for that I would be able to style.)
I have seen tuts on how to change the length of certain outputs, etc, in .htaccess, but perhaps there is a programming language I am not aware of that can emulate the same type of file browsing safely and still be able to take on style properties.

You can use HeaderName HEADER.html and ReadmeName FOOTER.html to create a custom header and footer. You can include some CSS into the header to make the list look a bit more pretty.
Not sure why you would think PHP is not save to use. You indeed need to be careful to not give access to files outside of the specified folder, but that is not very hard to do.

Actually there are plenty of styling options with +Indexes. Not only can you add the header (optionally disabling the autogenerated <html>...<body> tags) and footer, but you can define a stylesheet with IndexStyleSheet cute.css. Using that and some clever selectors, it is possible to create very nice listings. Check the official docs for more details.

Related

Where is the file for the apache default open directory display

With Apache it is possible to have the settings such that when a user requests access to a directory and that directory does not contain any index file then Apache displays a default directory listing as shown in the attached image.
Can anybody tell me where that default directory listing file resides? I would like to modify it for responsive design as well as adding Google analytics code.
I am getting responsive design warnings from Google Webmaster tools on the WordPress uploads directories. I don't want to block them but in fact would like search engines to crawl and index them. With that being said, I also don't want to get mobile usability errors on the same.
The best way is to use the .htaccess file to gain control over directory listings with Apache. This website has a bunch of good stuff to look through: https://perishablepress.com/better-default-directory-views-with-htaccess/
Generally, I would recommend specifically creating index.html files or something to specifically control what users/search engines are seeing, but obviously modifying the default directory listing has benefits.
You can use HeaderName and ReadmeName to supply customised HTML for the header and footer of the directory listings:
# SPECIFY HEADER FILE
HeaderName header.html
# SPECIFY FOOTER FILE
ReadmeName footer.html
Note: Be sure to also set IndexOptions +SuppressHTMLPreamble if you are specifying a custom header & footer to stop Apache adding the default <html>, <head> and <body> elements!
There isn't a file per se. The HTML is embedded in the C source code for mod_autoindex.
You can't achieve some limited control over the output with the mod_autoindex configuration options, most useful of which will probably be the HeaderName Directive
HeaderName /path/to/index_header.html
… but if you want serious control over the output, then you are probably looking at writing your own server side program to replace mod_autoindex.

How to do URL rewriting in Apache through Chef?

I've made a cookbook in Chef to install a web application, Apache and PHP.
This web application has a PHP document that clients access in this URL:
http://localhost/www-app/ClientFE
With this I have a problem. By default PHP will only interpret documents that have a PHP extension, and as my URL doesn't have it, it gets interpreted as text. I can't change the file's extension because the client (which is also software) should not be modified.
What I want to accomplish is to make PHP interpret that document, and for what I've investigated it can be accomplished in three ways at least: configure appropriately PHP, create an alias, create a rewrite rule.
First: I could configure PHP to interpret the desired document:
<FilesMatch "/www-app/ClientFE">
SetHandler application/x-httpd-php
</FilesMatch>
Second: I could do it through mod_write (I would have to rename the fill in the web app, which is also acceptable for me):
RewriteCond ^/www-app/ClientFE /www-app/ClientFE.php
Third: I could do it with mod_alias in a similar fashion than mod_rewrite.
The 3 are good for me, but my problem is: how to do them with Chef ? I haven't been able to find useful docs about it, and I have already tried to put this in my recipe (I found them around the Internet but they haven't worked):
apache_rewrite do
source "/www-app/ClientFE"
target "/www-app/ClientFE.php"
end
and this
apache_module "alias" do
source "/www-app/ClientFE"
target "/www-app/ClientFE.php"
end
Some people in my company suggested 2 valid solutions:
Put the configuration in a .htaccess inside my web application. This works for me and allows to use the alternatives I mentioned above.
Do nothing! It happens that the Multiviews option in the Apache2 cookbook is enabled by default, and it allows Apache to resolve URL http://localhost/A as http://localhost/A.php .... I mean, if Apache is asked about file A, and it doesn't find it, then it will search for A.php instead.
From the two, I chose the later, and yes, it works. It wasn't working before because in my many attempts I created both A and A.php and in that case the Multiviews has no effect.

Prevent Non-Existent Directories From Loading Wildcard Files

I am looking to prevent URLs for directories that don't exist from loading files with the same basename. For example http://domain.com/test/ is loading test.php. The test directory does not exist, but the file test.php does. I can see how this would be useful in most cases, but I am looking to disable it for my project.
I am on an Apache server. Is there a way to disable this option through an .htaccess file?
If there is an actual name for this type of feature, maybe "wildcard filename helper" or something like that, I'd like to know the official term too. Thanks!
This happens because MultiViews is enabled on the server.
If the apache configuration allows you to do so, you should be able to disable it by putting the following in .htaccess:
Options -MultiViews

Hiding files with apache

I've started using SCSS so in my css folder in my project, I have main.css and main.scss.
Is there any way I can prevent hide main.scss when I put this on my ftp? So it's still there, but not available for direct access?
Thanks!
Put this inside a .htaccess in the directory with the file you want to hide. Rename the file appropriately though (instead of yourfile.css).
<files yourfile.css>
deny from all
</files>
Of course you can also do this in your httpd.conf file aswell but the paths will need to be amended.
The problem with #GhostInTheSecureShell's answer is that this also denies access to the files, so the browser cannot download yourfile.css any more, which is probably not what you wanted.
To hide files (or directories) from index listings, but still allow access to them, use
IndexIgnore yourfile.css
in your .htaccess file.
This also works with patterns, so you can hide all css files using
IndexIgnore *.css
Or just name the files that you want to hide with a certain pattern, so, for example
IndexIgnore hide_me_*
will hide all files or directories that start with hide_me_.

How to prevent server files from being viewable online?

I have a website running on an Amazon EC2 Linux server, and everything works fine, but when I point the address bar to something like mydomain.com/css or mydomain.com/images, it prints out a list of all the files in that directory to the brower and they're all readable and viewable. I tried chmod'ing some of the folders to have fewer permissions, and that prevented viewing of these files, but it also made them not appear on the site at all. Is there a way that I can protect my documents and server files while also keeping full functionality?
You can prevent the directory listing by disabling it in the Apache config. Just remove "Indexes" from whatever lines it appears on. For example, change from:
Options Indexes FollowSymLinks
To:
Options FollowSymLinks
Edit: Note, you can also add (or edit) the .htaccess in those directories, explicitly disabling indexing for that directory:
Options -Indexes
That's the nature of the web, these files are downloaded to the user's computer so the browser can display them. You cannot protect them from being called from your own site / URL but you can put rules into place that prevent "hotlinking," that is, it will prevent people from linking to the image in their website from your URL. But even then, they could download the file(s) then upload to their own space and carry on.
Sorry I don't have better news, hope this helps!