From users-return-118510-archive-asf-public=cust-asf.ponee.io@httpd.apache.org Mon Mar 11 10:16:31 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id A71D4180657 for ; Mon, 11 Mar 2019 11:16:30 +0100 (CET) Received: (qmail 983 invoked by uid 500); 11 Mar 2019 10:16:29 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 973 invoked by uid 99); 11 Mar 2019 10:16:29 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Mar 2019 10:16:29 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id BD478180F04 for ; Mon, 11 Mar 2019 10:16:28 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 6.202 X-Spam-Level: ****** X-Spam-Status: No, score=6.202 tagged_above=-999 required=6.31 tests=[DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, KAM_LAZY_DOMAIN_SECURITY=1, NML_ADSP_CUSTOM_MED=1.2, RDNS_NONE=3] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id pp80Jql0MDge for ; Mon, 11 Mar 2019 10:16:27 +0000 (UTC) Received: from blaine.gmane.org (unknown [195.159.176.226]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 0352F5F56F for ; Mon, 11 Mar 2019 10:16:26 +0000 (UTC) Received: from list by blaine.gmane.org with local (Exim 4.89) (envelope-from ) id 1h3Hyr-000SXn-VC for users@httpd.apache.org; Mon, 11 Mar 2019 11:16:25 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: users@httpd.apache.org From: Bo Berglund Date: Mon, 11 Mar 2019 11:16:19 +0100 Message-ID: References: <6kra8ehqpasnspqvqvtqtou9i582q4emiv@4ax.com> Reply-To: bo.berglund@gmail.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Newsreader: Forte Free Agent 1.92/32.572 Subject: [users@httpd] Re: How to block Apache2 from showing dir lists on Ubuntu 16.04 server... On Mon, 11 Mar 2019 09:12:28 +0100, Bo Berglund wrote: >If I enter an URL ending with a directory name Apache throws up a list >of all of the files inside the directory which is NOT what I want. >I have created a php command to create the display of the dir content >which works just fine on my webhosting server but not on the ubuntu 16 >server. > >This is what I have in my .htaccess file in this dir: > >require valid-user >Options -Indexes >DirectoryIndex dirlist.php > >But notwithstanding this Apache2 does not run the dirlist.php command >file to get the properly formatted list. > >If I explicitly run the url ending with dirlist.php it works as >expected and I get my formatted directory list. But I want this to >happen also if the URL is just the directory itself. > >So how can I make Apache NOT create the file list but instead run the >dirlist.php command? I did a workaround by changing the name of dirlist.php to index.php. This makes Apache use this file as the renderer if the URL lacks the file specification. So this solves the problem for the directories which do have an index.php inside. But what to do for intermediate directories which are not supposed to be shown at all? I REALLY want Apache to show a "Forbidden" page rather than the list of files and dirs in the directory of the URL. >I even went as far as editing the >/etc/apache2/sites-available/000-default.conf file and adding this to >the end of the directory block: > > > AuthType Basic > AuthName "Restricted Content" > AuthUserFile /etc/apache2/private.htpasswd > Require valid-user > #Added to block dir listing and allow .htaccess to work > AllowOverride All > Options -Indexes > > >Then sudo service apache2 restart > Question remains, why does this not work? Note that I have not added any virtual hosts or anything, Apache is straight out of the box except for Subversion and it has enabled the default site /var/www/html, which is the one I am trying to get working properly. -- Bo Berglund Developer in Sweden --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org