Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Apache 2.4, enabling folder view in browser

Using Apache 2.4 64 bit VC10 build on my Win 7 machine from Apache Lounge, how do I enable folder file view? I just want to see what files are in every folder that does not have a index file in that folder.

This is for dev purposes only. I have tried using Options Indexes / All options and restarted my server a few times. All I get is 403 Forbidden.

like image 809
Tony Arnold Avatar asked May 28 '12 19:05

Tony Arnold


People also ask

How do I check if directory browsing is enabled?

Go to your own Virtual Host settings and look for "Options Indexes" If "Options Indexes" exists, modify it to "Options -Indexes" (add a "-" sign before "Indexes") or else add "Options -Indexes" as a new line. Restart your apache web server.


2 Answers

For Apache 2.4, if you have enabled Directory Indexes such as index.html or index.php you must first disable that before you can get folders and files to show in a web browser.

<Directory "/vhost/www/htdocs/path/to/folder">
 DirectoryIndex disabled
 Options Indexes
</Directory>
like image 158
Brady Avatar answered Oct 27 '22 17:10

Brady


The directive in Apache has changed from version 2.2 to 2.4 and up.

I am running version 2.4.7 and a basic vhost file looks like this:

<VirtualHost 192.168.1.5:80>

  DocumentRoot /srv/html/
  ServerName some.placeoverthe.rainbow

 <Directory /srv/html/>
   Options Indexes  ## Allows directory browsing.
   Require all granted  ## Allow all request
 </Directory>

</VirtualHost>

Taken form the Apache website: https://httpd.apache.org/docs/2.4/upgrading.html

Here are some examples of old and new ways to do the same access control.

In this example, all requests are denied.

2.2 configuration:

Order deny,allow
Deny from all

2.4 configuration:

Require all denied

In this example, all requests are allowed.

2.2 configuration:

Order allow,deny
Allow from all

2.4 configuration:

Require all granted

In the following example, all hosts in the example.org domain are allowed access; all other hosts are denied access.

2.2 configuration:

Order Deny,Allow
Deny from all
Allow from example.org

2.4 configuration:

Require host example.org

Directory Indexing

Taken form the Apache website: http://httpd.apache.org/docs/2.4/mod/core.html

The Options directive controls which server features are available in a particular directory.

option can be set to None, in which case none of the extra features are enabled, or one or more of the following:

All

  All options except for MultiViews.

ExecCGI

  Execution of CGI scripts using mod_cgi is permitted.

FollowSymLinks

The server will follow symbolic links in this directory. This is the default setting.

Even though the server follows the symlink it does not change the pathname used to match against sections.

The FollowSymLinks and SymLinksIfOwnerMatch Options work only in sections or .htaccess files.

Omitting this option should not be considered a security restriction, since symlink testing is subject to race conditions that make it circumventable.

Includes

Server-side includes provided by mod_include are permitted.

IncludesNOEXEC

Server-side includes are permitted, but the #exec cmd and #exec cgi are disabled. It is still possible to #include virtual CGI scripts from ScriptAliased directories.

Indexes

If a URL which maps to a directory is requested and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory.

MultiViews

Content negotiated "MultiViews" are allowed using mod_negotiation.

Note: This option gets ignored if set anywhere other than , as
mod_negotiation needs real resources to compare against and evaluate from.

SymLinksIfOwnerMatch

The server will only follow symbolic links for 
which the target file or directory is owned by 
the same user id as the link. 

As a side note: You might want to check and make sure that the user that apache is running under has permission to read from that directory. On windows this may not be an issue but on Linux it very well can be an issue. On most Linux distros the default user is typically :

www-data

So you would need to change permissions for that directory to allow apache access if the directory is owned by someone other than the user apache runs under.

like image 26
Kyle Coots Avatar answered Oct 27 '22 16:10

Kyle Coots