I want to disable directory browsing of /galerias folder and all subdirectories
Index of /galerias/409
* Parent Directory
* i1269372986681.jpg
* i1269372986682.jpg
* i1269372988680.jpg
Create an .htaccess file containing the following line:
Options -Indexes
That is one option. Another option is editing your apache configuration file.
In order to do so, you first need to open it with the command:
vim /etc/httpd/conf/httpd.conf
Then find the line: Options Indexes FollowSymLinks
Change that line to: Options FollowSymLinks
Lastly save and exit the file, and restart apache server with this command:
sudo service httpd restart
(You have a guide with screenshots here.)
The best way to do this is disable it with webserver apache2. In my Ubuntu 14.X - open /etc/apache2/apache2.conf change from
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
to
<Directory /var/www/>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
then restart apache by:
sudo service apache2 reload
This will disable directory listing from all folder that apache2 serves.
Apart from the aformentioned two methods (edit /etc/apache2/apache2.conf or add Options -Indexes in .htaccess file), here is another one
a2dismod autoindex
Restart the apache2 server afterwards
sudo service apache2 restart
Edit/Create an .htaccess file inside /galerias with this:
Options -Indexes
Directory browsing is provided by the mod_autoindex module.
You can place an empty file called index.html into each directory that you don't want listed. This has several advantages:
It (usually) requires zero configuration on the server.
It will keep working, even if the server administrator decides to use "AllowOverride None" in the the server configuration. (If you use .htaccess files, this can lead to lots of "Error 500 - internal server error" messages for your users!).
It also allows you to move your files from one server to the next, again without having to mess with the apache configuration.
Theoretically, the autoindexing might be triggered by a different file (this is controlled by the DirectoryIndex option), but I have yet to encounter this in the real world.
One of the important thing is on setting a secure apache web server is to disable directory browsing. By default apache comes with this feature enabled but it is always a good idea to get it disabled unless you really need it.
Open httpd.conf file in apache folder and find the line that looks as follows:
Options Includes Indexes FollowSymLinks MultiViews
then remove word Indexes and save the file. Restart apache. That's it
If you choose to modify your httpd.conf file to solve this and you have multiple Options directives, then you must add a - or a + before each directive. Example:
Options -Indexes +FollowSymLinks
This is not an answer, just my experience:
On my Ubuntu 12.04 apache2, didn't find Indexes in either apache2.conf or httpd.conf, luckily I found it in sites-available/default. After removing it, now it doesn't see directory listing. May have to do it for sites-available/default-ssl.
To complete #GauravKachhadiya's answer :
IndexIgnore *.jpg
means "hide only .jpg extension files from indexing.
IndexIgnore directive uses wildcard expression to match against directories and files.
a star character , it matches any charactes in a string ,eg : foo or foo.extension, in the following example, we are going to turn off the directory listing, no files or dirs will appear in the index :
IndexIgnore *
Or if you want to hide spacific files , in the directory listing, then we can use
IndexIgnore *.php
*.php => matches a string that starts with any char and ends with .php
The example above hides all files that end with .php
Open Your .htaccess file and enter the following code in
Options -Indexes
Make sure you hit the ENTER key (or RETURN key if you use a Mac) after entering the "Options -Indexes" words so that the file ends with a blank line.
Add this in your .htaccess file:
Options -Indexes
If it is not work for any reason, try this within your .htaccess file:
IndexIgnore *
Try this in .htaccess:
IndexIgnore *.jpg
In Directory Section ( /etc/httpd/httpd.conf)
Remove Line - Options Indexes FollowSymLinks
New Line - Options FollowSymLinks
I found another way of doing this with virtual hosts:
<VirtualHost *:80>
DocumentRoot C:/WAMP/Apache24/htdocs/
ServerName vehiclesspares.com
<Directory C:/WAMP/Apache24/htdocs/vehiclesspares.com>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
This worked for me on Apache 2.4.54 on my local windows machine with the host file (C:\Windows\System32\drivers\etc\hosts) containing the line:
127.0.0.1 vehiclesspares.com
This configuration also had vehiclesspares.com under the docroot: C:\WAMP\Apache24\htdocs\vehiclesspares.com
Related
how can I define apache virtual host to show a directory tree even if index.html/php exists?
You have to enabled the Indexes option and remove the DirectoryIndex option.
If you have AllowOverride enabled you can add the following to your .htaccess file.
Options Indexes FollowSymLinks
DirectoryIndex disabled
If you get a welcome page, you may need to remove/edit /etc/httpd/conf.d/welcome.conf. ON Red Hat derived OS's and others this can interfere with some directory listing.
How do I disable single option override in specific folder in Apache? I'd like to force DirectoryIndex value in specific folder, so DirectoryIndex option in .htaccess of that folder will be ignored. I'd expect configuration should look somehow similar, but neither works:
<Directory "/home/me/www/symfonyProject1">
DirectoryIndex app_dev.php
AllowOverride -Indexes
</Directory>
or this
<Directory "/home/me/www/symfonyProject1">
DirectoryIndex app_dev.php
AllowOverride Options=-DirectoryIndex
</Directory>
Is this even possible? How could I achieve that?
Using: Apache/2.2.8 (Win32) & Windows 7 x64
The only possiblility, even though it is definitely not kosher, is to let .htaccess be ignored by versioning system locally. Then you can change as you wish to adapt you instance.
In case you need to change original .htaccess, you must do following (for GIT):
backup your modified .htaccess file
Comment out line .htaccess in file .git/info/exclude
do git checkout -- .htaccess to retrieve original file
modifiy and commit changes
Uncomment .htaccess line in .git/info/exclude
Copy modified .htaccess from backup to working tree
I did not get this working with the <Directory> tag in httpd.conf but it was working if I did the following:
In /home/me/www/symfonyProject1 create a .htaccess file and put DirectoryIndex app_dev.php in it.
This should work as long as you AllowOverride All (Or more narrow if needed) in the parent configuration.
I want to set the AllowOverride all But I don't know how to do it. I have found the following code by searching the google and pasted it in .htaccess:
<Directory>
AllowOverride All
</Directory>
But after pasting it I started receiving "Internal Server Error"
Can anyone guide me where to put this code or how to do it?
In case you are on Ubuntu, edit the file /etc/apache2/apache2.conf (here we have an example of /var/www):
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
and change it to;
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
then,
sudo service apache2 restart
You may need to also do sudo a2enmod rewrite to enable module rewrite.
The main goal of AllowOverride is for the manager of main configuration files of apache (the one found in /etc/apache2/ mainly) to decide which part of the configuration may be dynamically altered on a per-path basis by applications.
If you are not the administrator of the server, you depend on the AllowOverride Level that theses admins allows for you. So that they can prevent you to alter some important security settings;
If you are the master apache configuration manager you should always use AllowOverride None and transfer all google_based example you find, based on .htaccess files to Directory sections on the main configuration files. As a .htaccess content for a .htaccess file in /my/path/to/a/directory is the same as a <Directory /my/path/to/a/directory> instruction, except that the .htaccess dynamic per-HTTP-request configuration alteration is something slowing down your web server. Always prefer a static configuration without .htaccess checks (and you will also avoid security attacks by .htaccess alterations).
By the way in your example you use <Directory> and this will always be wrong, Directory instructions are always containing a path, like <Directory /> or <Directory C:> or <Directory /my/path/to/a/directory>. And of course this cannot be put in a .htaccess as a .htaccess is like a Directory instruction but in a file present in this directory. Of course you cannot alter AllowOverride in a .htaccess as this instruction is managing the security level of .htaccess files.
Goto your_severpath/apache_ver/conf/
Open the file httpd.conf in Notepad.
Find this line:
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
Remove the hash symbol:
LoadModule vhost_alias_module modules/mod_vhost_alias.so
Then goto <Directory />
and change to:
<Directory />
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Then restart your local server.
On Linux, in order to relax access to the document root, you should edit the following file:
/etc/httpd/conf/httpd.conf
And depending on what directory level you want to relax access to, you have to change the directive
AllowOverride None
to
AllowOverride All
So, assuming you want to allow access to files on the /var/www/html directory, you should change the following lines from:
<Directory "/var/www/html">
AllowOverride None
</Directory>
to
<Directory "/var/www/html">
AllowOverride All
</Directory>
If you are using Linux you may edit the code in the directory of
/etc/httpd/conf/httpd.conf
now, here find the code line kinda like
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
Change the AllowOveride None to AllowOveride All
Now now you can set any kind of rule in your .httacess file inside your directories
if any other operating system just try to find the file of httpd.conf and edit it.
As other users explained here about the usage of allowoveride directive, which is used to give permission to .htaccess usage. one thing I want to point out that never use allowoverride all if other users have access to write .htaccess instead use allowoveride as to permit certain modules.
Such as AllowOverride AuthConfig mod_rewrite Instead of
AllowOverride All
Because module like mod_mime can render your server side files as plain text.
enter code hereif you are using linux you have to edit the
`/etc/apache2/sites-available/000-default.conf`
under the Documentroot . add the following code
`<Directory /var/www/>
AllowOverride all
Require all granted
</Directory>`
then ,
`sudo service apache2 restart`
and you have to enable the apache mod rewrite
`sudo a2enmod rewrite`
I think you want to set it in your httpd.conf file instead of the .htaccess file.
I am not sure what OS you use, but this link for Ubuntu might give you some pointers on what to do.
https://help.ubuntu.com/community/EnablingUseOfApacheHtaccessFiles
I also meet this problem, and I found the solution as 2 step below:
1. In sites-enabled folder of apache2, you edit in Directory element by set "AllowOverride all" (should be "all" not "none")
2. In kohana project in www folder, rename "example.htaccess" to ".htaccess"
I did it on ubuntu. Hope that it will help you.
There are several answers but there a number of things wrong with this question and I would like to address these:
If you get an error (e.g. 500), look in the log files (if you have access to them). e.g. /var/log/apache2/ssl_error.log
e.g.
cat /var/log/apache2/ssl_error.log
[Tue Jun 01 19:05:34 2021] [alert] [pid 31154] config.c(2119):
[client *******] /var/www/mysite/public/tmp/.htaccess:
<Directory not allowed here [lid YLZo3quRlv2EKOAABVoFLwAAAIM]
Putting AllowOverrides in a .htaccess makes no sense and is not allowed. See Context. See also my explanation below. It should be defined in the Apache configuration (e.g. /etc/apache2)
Allowing everything is usually not the best idea. Be as restrictive as possible!
the Directory directive is missing a directory, should be e.g. <Directory /var/www/html/etc>
the Directory directive does not make sense in an .htaccess. The location of the .htaccess in a directory already has the effect of making the statements within apply to a specific directory
do not mix and match snippets that are intended to be put in the Apache configuration (e.g. in /etc/apache2/...) with statements that are intended to be put in .htaccess - though most of the time, they will be identical, there are some subtle differences
If you have the possibility to modify the Apache configuration directly, do not use .htaccess and deactivate it. (for performance reasons, among others. Also you can have all configuration in one place, put it in version control or manage it via a software configuration management tool, e.g. Puppet, Ansible, SaltStack)
Unless you really cannot access and modify the Apache configuration directly, you do not need .htaccess. This is a common misconception.
That you saw a 500 error proves my point. If you change configuration in the Apache configuration directly (and not in .htaccess), you will usually get an error message with an explanation and information about the error and the line number (e.g. when you do service apache2 reload or apachectl configtest) - which gives you the possibility to fix the error before applying this in production(!).
Also, look in the documentation. It is really quite good. For most directives, you can find where they apply (see "Context").
For example, for IfModule, you can see:
Context: server config, virtual host, directory, .htaccess
For, AllowOverrides it is:
Context: directory
Note the missing .htaccess in the Context!
Instead of googling for information which repeat the same mistakes over and over, look in the documentation!
Docs
AllowOverrides
https://www.danielmorell.com/guides/htaccess-seo/basics/dont-use-htaccess-unless-you-must
SuSE Linux Enterprise Server
Make sure you are editing the right file
https://www.suse.com/documentation/sles11/book_sle_admin/data/sec_apache2_configuration.html
httpd.conf
The main Apache server configuration file. Avoid changing this file. It primarily contains include statements and global settings. Overwrite global settings in the pertinent configuration files listed here. Change host-specific settings (such as document root) in your virtual host configuration.
In such case vhosts.d/*.conf must be edited
Plus those upvoted correct answers sometimes same error could be seen because of mismatched and different settings on SSL part of webserver configurations. (Obviously when not using .htaccess file).
I have a server from AWS EC2 service running on Linux ubuntu and I have installed apache, php, and mysql.
I have added a .htaccess file in my document root /var/www/html.
I entered this code in it:
ErrorDocument 404 /var/www/html/404.php and it is still not showing up.
I kept entered this command multiple times: sudo service httpd restart to restart the server but no changes displayed...
How can I fix this... Did I do something wrong?
First, note that restarting httpd is not necessary for .htaccess files. .htaccess files are specifically for people who don't have root - ie, don't have access to the httpd server config file, and can't restart the server. As you're able to restart the server, you don't need .htaccess files and can use the main server config directly.
Secondly, if .htaccess files are being ignored, you need to check to see that AllowOverride is set correctly. See http://httpd.apache.org/docs/2.4/mod/core.html#allowoverride for details. You need to also ensure that it is set in the correct scope - ie, in the right block in your configuration. Be sure you're NOT editing the one in the block, for example.
Third, if you want to ensure that a .htaccess file is in fact being read, put garbage in it.
An invalid line, such as "INVALID LINE HERE", in your .htaccess file, will result in a 500 Server Error when you point your browser at the directory containing that file. If it doesn't, then you don't have AllowOverride configured correctly.
Enable Apache mod_rewrite module
a2enmod rewrite
add the following code to /etc/apache2/sites-available/default
AllowOverride All
Restart apache
/etc/init.d/apache2 restart
If you have tried all of the above, which are all valid and good answers, and your htaccess file is not working or being read change the directive in the apache2.conf file. Under Ubuntu the path is /etc/apache2/apache2.conf
Change the <Directory> directive pointing to your public web pages, where the htaccess file resides. Change from AllowOverride None to AllowOverride All
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
I had the same problem and found the answer and explanation on the Ubuntu Ask! forum https://askubuntu.com/questions/421233/enabling-htaccess-file-to-rewrite-path-not-working
For Ubuntu,
First, run this command :-
sudo a2enmod rewrite
Then, edit the file /etc/apache2/sites-available/000-default.conf using nano or vim using this command :-
sudo nano /etc/apache2/sites-available/000-default.conf
Then in the 000-default.conf file, add this after the line DocumentRoot /var/www/html. If your root html directory is something other, then write that :-
<Directory "/var/www/html">
AllowOverride All
</Directory>
After doing everything, restart apache using the command sudo service apache2 restart
Most probably, AllowOverride is set to None. in Directory section of apache2.conf located in /etc/apache2 folder
Try setting it to AllowOverride All
Just follow 3 steps
Enable mode_rewrite using following command
sudo a2enmod rewrite
Password will be asked. So enter your password
Update your 000-default.conf or default.conf file located at /etc/apache2/sites-available/ directory. you can not edit it directly. so use following command to open
sudo gedit /etc/apache2/sites-available/000-default.conf
Or
sudo gedit /etc/apache2/sites-available/default.conf
you will get
DocumentRoot /var/www/html
OR
DocumentRoot /var/www
line. Add following code after it.
<Directory /var/www/html/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Make user the directory tag path is same as shown in your file.
Restart your apache server using following command
sudo service apache2 restart
In my experience, /var/www/ directory directive prevents subfolder virtualhost directives. So if you had tried all suggestions and still not working and you are using virtualhosts try this ;
1 - Be sure that you have
AllowOverride All directive in
/etc/apache2/sites-available/example.com.conf
2 - Check /var/www/ Directory directives in /etc/apache2/apache2.conf (possibly at line 164), which looks like ;
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
If there is an AllowOverride None directive change it to
AllowOverride All or just escape line
By default, Apache prohibits using an .htaccess file to apply rewrite rules, so
Step 1 — Enabling mod_rewrite (if not Enabled)
First, we need to activate mod_rewrite. It's available but not enabled with a clean Apache 2 installation.
$ sudo a2enmod rewrite
This will activate the module or alert you that the module is already enabled. To put these changes into effect, restart Apache.
$ sudo systemctl restart apache2
mod_rewrite is now fully enabled. In the next step we will set up an .htaccess file that we'll use to define rewrite rules for redirects.
Step 2 — Setting Up .htaccess
Open the default Apache configuration file using nano or your favorite text editor.
$ sudo nano /etc/apache2/sites-available/000-default.conf
Inside that file, you will find a block starting on the first line. Inside of that block, add the following new block so your configuration file looks like the following. Make sure that all blocks are properly indented.
/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
. . .
</VirtualHost>
Save and close the file. To put these changes into effect, restart Apache.
$ sudo systemctl restart apache2
Done. Your .htacess should work.
This link may actually help somebody https://www.digitalocean.com/community/tutorials/how-to-rewrite-urls-with-mod_rewrite-for-apache-on-ubuntu-16-04
I cleared this use. By using this site click Here , follow the steps, the same steps follows upto the ubuntu version 18.04
Go to /etc/apache2/apache2.conf
You have to edit that file (you should have root permission). Change directory text as bellow:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Now you have to restart apache.
service apache2 restart
In WampServer Open WampServer Tray icon ----> Apache ---> Apache Modules --->rewrite_module
For completeness, if "AllowOverride All" doesn't fix your problem, you could debug this problem using:
Run apachectl -S and see if you have more than one namevhost. It might be that httpd is looking for .htaccess of another DocumentRoot.
Use strace -f apachectl -X and look for where it's loading (or not loading) .htaccess from.
i have a lot of sites on my virtual machine,
and i solved it only by changing config of the site in which i needed .htaccess
what i did:
sudo a2enmod rewrite
next i changed only config for particular site, not for every site "example.com"
sudo nano /etc/apache2/sites-enable/example.com.conf
inside of it i added
<Directory /var/www/example.com>
AllowOverride All
</Directory>
service apache2 restart
so it only applies for 1 site, because when i tried to apply changes to entire server it crashed, don't know why, but this solved my problem
I am using Apache 2.2.17 for Windows. To set up .htaccess file, when I was going through httpd.conf file, I was not able to find the word called “AccessFileName”. I believe there should be a line like this: AccessFileName .htaccess. How can I solve this?
Here is the httpd.conf file.
The AccessFileName .htaccess is default. If it is not present, that is what it's using. If you would to like use a different filename, you can add the line in and replace .htaccess accordingly.
I solved it by changing AllowOverride None to AllowOverride All inside <Directory>
As you can read here
It says:
While processing a request the server
looks for the first existing
configuration file from this list of
names in every directory of the path
to the document, if distributed
configuration files are enabled for
that directory. For example:
AccessFileName .acl
before returning the document
/usr/local/web/index.html, the server
will read /.acl, /usr/.acl,
/usr/local/.acl and
/usr/local/web/.acl for directives,
unless they have been disabled with
<Directory> AllowOverride None
</Directory>