Web Site-Reference.com
Protecting Your Server From Unwanted Directory Listings

by Dirk Brockhausen
Posted on May 18, 2008


When a requested URL points to a directory rather than to a file, the server will look for the default documents.

These are defined in the server's configuration file.


Let's look at a practical example. A visitor enters the following URL in his or her web browser:

http://yourdomain.com

Depending on its configuration, the web server will expand the URL to one of the following:

http://yourdomain.com/index.html
http://yourdomain.com/index.htm
http://yourdomain.com/default.htm
http://yourdomain.com/home.htm

If none of the default documents is found, the web
server will display the directory listing by default.

This, of course, will inadvertently reveal the names of your documents to the visitor, who can then download them directly, e.g.:

http://yourdomain.com/private/private.html


To protect against this unwanted display, a common
approach is to copy a default document into each
directory, e.g. "index.html".

The default document can be empty, even a file of 0 bytes will suffice.

Alternatively, you can have the file redirect the visitor via a meta refresh, e.g. to your home page file "index.html" in the main directory.


However, this protection measure is somewhat cumbersome, especially if you have a multitude of directories to protect from prying eyes.

A better method consists of configuring the web server accordingly. Drawing on the Apache web server configuration file "httpd.conf", we will now explain how to set about this.

old
===
<Directory "/usr/local/apache/htdocs">
...
Options Indexes FollowSymLinks MultiViews

new
===
<Directory "/usr/local/apache/htdocs">
...
Options FollowSymLinks MultiViews

Simply delete the option "Indexes", and you've solved the problem!


The .htaccess Method
--------------------
If you have no access privileges to the web server configuration but your system offers ".htaccess" functionality, the following entry in your ".htaccess" file will do the job:

Options -Indexes

Or, if you have already defined other Options, e.g.:

Options +Includes +ExecCGI -Indexes

This rule applies to the directory in which the
".htaccess" is located as well as all subdirectories
below.

In this manner, you can restrict directory display on your virtual domain, even if the server-wide configuration permits it.

Conversely, this also allows you to enable directory listing for specific directories, even if the server-wide configuration does not permit it.

This can be useful in the case of directories featuring download files.

In this case, your ".htaccess" should have the
following entry:

Options +Indexes
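
An added example (not part of the original article): a small audit script that walks a document root, applies each directory's ".htaccess" Options line as described above (inherited by subdirectories, "+"/"-" relative to the inherited state), and reports the directories that have Indexes in effect and no default document. It assumes ".htaccess" overrides of Options are permitted and reads only Options lines in ".htaccess" files; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Default documents named in the article; match these to your DirectoryIndex.
DEFAULT_DOCS = ("index.html", "index.htm", "default.htm", "home.htm")

def apply_options(tokens, indexes):
    """Return the Indexes state after one Options directive's arguments."""
    if tokens and not all(t[0] in "+-" for t in tokens):
        # Absolute form: replaces the inherited option set entirely.
        return any(t.lstrip("+").lower() in ("indexes", "all") for t in tokens)
    for t in tokens:  # relative form: only +Indexes / -Indexes matter here
        if t[1:].lower() == "indexes":
            indexes = t[0] == "+"
    return indexes

def htaccess_indexes(path, indexes):
    """Apply the Options lines of one .htaccess file, if it exists."""
    if os.path.isfile(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            for raw in fh:
                parts = raw.split()
                if parts and parts[0].lower() == "options":
                    indexes = apply_options(parts[1:], indexes)
    return indexes

def listable_dirs(docroot, server_indexes):
    """Directories with Indexes in effect and no default document."""
    docroot = os.path.abspath(docroot)
    inherited = {os.path.dirname(docroot): server_indexes}
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):  # parents come first
        inherited[dirpath] = state = htaccess_indexes(
            os.path.join(dirpath, ".htaccess"), inherited[os.path.dirname(dirpath)])
        if state and not any(f in DEFAULT_DOCS for f in files):
            exposed.append(os.path.relpath(dirpath, docroot))
    return sorted(exposed)

def demo(server_indexes):
    """Constructed sample tree, built in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("private/sub", "downloads", "images"):
            os.makedirs(os.path.join(root, d))
        for name, body in (("index.html", ""),
                           ("private/.htaccess", "Options +Includes +ExecCGI -Indexes\n"),
                           ("downloads/.htaccess", "Options +Indexes\n")):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        return listable_dirs(root, server_indexes)
```

Call listable_dirs() with your own document root and with server_indexes set to whether the server-wide Options include Indexes; every path it returns needs either "Options -Indexes" or a default document.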


To modify the order in which the files in a given
directory will be displayed, you can use the following parameters.

In the example below the listing of the main directory will be sorted:

http://www.yourdomain.com/?N=A
Ascending - Sort by file name (default)
http://www.yourdomain.com/?M=A
Ascending - Last modification date
http://www.yourdomain.com/?S=A
Ascending - Size
http://www.yourdomain.com/?D=A
Ascending - Description

http://www.yourdomain.com/?N=D
Descending - Sort by file name (default)
http://www.yourdomain.com/?M=D
Descending - Last modification date
http://www.yourdomain.com/?S=D
Descending - Size
http://www.yourdomain.com/?D=D
Descending - Description


Dirk Brockhausen is the co-founder and principal of fantomaster.com Ltd. (UK) and fantomaster.com GmbH (Belgium), a company specializing in webmasters software development, industrial-strength cloaking and
search engine positioning services. He holds a doctorate in physics and has worked as an SAP consultant and software developer since 1994. He is also Technical Editor of fantomNews, a free newsletter
focusing on search engine optimization, available at:
http://fantomaster.com/fantomnews-sub.html
You can contact him at mailto:fntecheditor@fantomaster.com
(c) copyright 2001 by fantomaster.com
Downloaded at: http://fantomaster.com/







