Subdomain display 403 error due to "Options -Indexes" in .htaccess.
How to denied directory listing while permitting to Subdomain directory to work?
QUICK ANSWER
Define your DirectoryIndex in the httpd.conf
EXAMPLE
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
AFTER THAT
Add an index.php or index.html file on your subdirectory.
The file you are adding must be the file you want to see when you access the subdirectory. The name & extension must match the values defined in the DirectoryIndex directive.
Related
I have to be able to direct a GET or POST request when it comes in to
/eSCL/ScannerStatus
or
/eSCL/ScannerStatus/
TO
/eSCL/ScannerStatus/index.php
I am NOT looking for a redirect, as that is what I am getting now. (301 Permanently moved)
It is to say whether trailing slash or not, the request references a directory and I need to load index.php in that directory with NO redirect
I have reviewed the docs here
https://httpd.apache.org/docs/2.4/mod/mod_dir.html
and quite frankly it does not seem to work as stated or maybe I am missing a mod?
I have tried many variations .
I have run
sudo a2enmod rewrite
and
sudo a2enmod dir
both now show as enabled.
Apache 2.4 running on Raspberry Pi3
I have tried MANY MANY different rules and I also see in google results that this is a problem for many others trying to do the same. I see numerous "solutions" posted many of which do not work.
I see no reason to ressurect the 20+ mod rewrite attempts that I have made and failed . I am looking for what works without a redirect
Edit-UPDATE-------------------------------------------------
I just got back to this , deleted .htaccess, and now server refuses to load index.php and shows a directory listing instead.
This leaves me perplexed. I do not believe I need .htaccess for PHP files as it was not there before.
EDIT UPDATE 2------------------------------------
I managed to get back on track with some directives that seemed to go away for some reason.
I now have in /var/www/html/.htaccess
DirectorySlash Off
RewriteEngine On
RewriteRule ^eSCL/ScannerStatus/?$ eSCL/ScannerStatus/index.php [L]
RewriteRule ^eSCL/ScannerCapabilities/?$ eSCL/ScannerCapabilities/index.php [L]
RewriteRule ^eSCL/ScanJobs/?$ eSCL/ScanJobs/index.php [L]
RewriteRule ^eSCL/Scans/?$ eSCL/Scans/index.php [L]
in the global secion of apache2.conf I have (this is apparently what I had to do to get index.php files to load as default again):
<Directory "/var/www/html">
DirectoryIndex index.php index.htm
</Directory>
<Directory "/var/www/html/scans/*">
DirectoryIndex index.php index.htm
</Directory>
<Directory "/var/www/html/eSCL/ScannerStatus">
DirectoryIndex index.php index.htm
</Directory>
<Directory "/var/www/html/eSCL/ScannerCapabilities">
DirectoryIndex index.php index.htm
</Directory>
<Directory "/var/www/html/eSCL/ScanJobs">
DirectoryIndex index.php index.htm
</Directory>
Here is what wireshark captures when requesting http://192.168.1.50/eSCL/ScannerStatus (no trailing slash)
HTTP/1.1 301 Moved Permanently
Date: Thu, 06 Feb 2020 16:56:00 GMT
Server: Apache/2.4.25 (Raspbian)
Location: http://192.168.1.50/eSCL/ScannerStatus/
Content-Length: 327
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved here.</p>
<hr>
<address>Apache/2.4.25 (Raspbian) Server at 192.168.1.50 Port 80</address>
I have also specifically excluded the sites-enabled files in apache2.conf with
# Include the virtual host configurations:
# IncludeOptional sites-enabled/*.conf
I have also verified:
pi#raspberrypi:/etc/apache2 $ sudo a2enmod rewrite
Module rewrite already enabled
pi#raspberrypi:/etc/apache2 $ sudo a2enmod dir
Module dir already enabled
/eSCL/ScannerStatus
If ScannerStatus is a physical directory then by default, mod_dir will append the slash with a 301 redirect in order to "fix" the URL.
You need to override this behaviour and set DirectorySlash Off. You will then need to internally rewrite the request using mod_rewrite to the desired index.php document (instead of relying on DirectoryIndex as you would normally).
For example, in your root .htaccess file:
DirectorySlash Off
RewriteEngine On
RewriteRule ^eSCL/ScannerStatus/?$ eSCL/SCannerStatus/index.php [L]
Note that you will need to clear your browser cache as the 301 redirect to append the slash (by mod_dir) will most likely have been cached by the browser.
I do not believe I need .htaccess for PHP files as it was not there before.
You need .htaccess if you want to override default server behaviour and use physical directories without trailing slashes.
UPDATE:
<Directory "/var/www/html">
DirectoryIndex index.php index.htm
</Directory>
<Directory "/var/www/html/scans/*">
DirectoryIndex index.php index.htm
</Directory>
<Directory "/var/www/html/eSCL/ScannerStatus">
DirectoryIndex index.php index.htm
</Directory>
<Directory "/var/www/html/eSCL/ScannerCapabilities">
DirectoryIndex index.php index.htm
</Directory>
<Directory "/var/www/html/eSCL/ScanJobs">
DirectoryIndex index.php index.htm
</Directory>
The <Directory> container applies to the stated directory and all subdirectories. So in the above, all except the first <Directory "/var/www/html"> container are not required.
However, there's nothing here that is enabling .htaccess overrides? And the behaviour you are currently seeing would seem to suggest that .htaccess files are not enabled - since the .htaccess directives don't appear to be doing anything.
TEST: Add any "nonsense" to the top of the .htaccess file. If .htaccess files are being processed then this will break horribly and result in a 500 Internal Server Error. If no error then the .htaccess file is being ignored (ie. .htaccess files are not enabled).
The rewrite we added in .htaccess to route requests to index.php negates the need for DirectoryIndex - but there is no harm adding this.
To enable .htaccess overrides you need to set AllowOverride in the relevant <Directory> container. For example:
<Directory "/var/www/html">
# Allow .htaccess files to override config directives
AllowOverride All
# Allow mod_dir to issue an internal subrequest for the DirectoryIndex
# when requesting /subdirectory/ (note the trailing slash)
DirectoryIndex index.php index.htm
# Access needs to be permitted (somewhere)
Require all granted
</Directory>
If you have access to the server config then you don't need .htaccess. All the directives in .htaccess (a directory context) can go directly in the relevant <Directory> container. (Although development/distribution requirements could make the use of .htaccess files easier.)
Incidentally, the DirectoryIndex directive can be used in .htaccess.
Aside:
As noted earlier, the above rewrite in .htaccess negates the need for DirectoryIndex index.php. However, they can be modified slightly to make use of this. For example (an academic excercise):
DirectoryIndex index.php
DirectorySlash Off
RewriteEngine On
# Note the different regex having removed "/?"
RewriteRule ^eSCL/ScannerStatus$ eSCL/SCannerStatus/index.php [L]
Now, a request for /eSCL/ScannerStatus (no trailing slash) is rewritten using mod_rewrite to index.php. But a request for /eSCL/ScannerStatus/ (with a trailing slash) is now handled by DirectoryIndex which returns index.php via an internal subrequest. With the earlier RewriteRule, both these requests were handled by mod_rewrite.
Note that the 4 rules for the 4 different sub-subdirectories can potentially be combined into a single rule.
I have a folder in the root called 'php', and when I type a url like this in my site:
http://example.com/php
it turns like this:
http://example.com/php/?q=php
but if the folder doesn't exist, it does not add the '?q='. I've tried adding:
Options -Indexes
but still happens. my site uses 'q=' to access different pages and I don't want the users to know that there's folder/s existing if the url adds a '?q='. how can I remove or disable that? I'm still new to htaccess thanks!
Here is my current htaccess:
#
# Apache/PHP/msys settings:
#
# Protect files and directories from prying eyes.
<FilesMatch "\.(inc|profile|functions|pg|module|test|po|api|sh|ini|json|.*sql|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$">
Order allow,deny
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Follow symbolic links in this directory.
Options +FollowSymLinks
# Set the default handler.
DirectoryIndex index.php index.html index.htm
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^([^\.]+)/?$ ?q=$1 [L]
</IfModule>
ErrorDocument 403 /example/error404
ErrorDocument 404 /example/error404
I want that if someone visits http://domain.com that he is redirected to https://domain.com
The .htaccess file is located at /var/www/html with the following content
<ifmodule mod_rewrite.c="">
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</ifmodule>
My apache2.conf contains:
<Directory /var/www/html>
Options FollowSymLinks
AllowOverride All
Require all granted
SSLRequireSSL
</Directory>
But it does not work, displaying:
Forbidden
You don't have permission to access / on this server.
Edit: I removed the SSLRequireSSL line and disabled the cache in Firefox that saves redirections. If I visit http://domain.com it redirects me to https://domain.com. But still it does not do it for subdirectories as well. If I visit http://domain.com/sub I want to be redirected to https://domain.com
The subdirectory I was talking about was a special one... Didn't think that it would matter. It is an owncloud installation which is shipped with an own .htaccess. My .htaccess was overwritten by that one which did not include my rewrite rule.
My second mistake was, like already mentioned that I had the SSLRequireSSL property set. If this is activated it seems that any .htaccess is just ignored.
I also removed the enclosing if statments from the .htaccess like anubhava suggested.
Hi i uploaded my website in below url : http://zendtest.com/
It shows file strucure in website. How to make public/index.php as default one.
File structure
public_html/
application
public
index.php
.htaccess
library
Anyone can help me ?
You have to define in Apache's httpd.conf DirectoryIndex. Like this:
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
I just inherited an ExpressionEngine site from someone without much documentation for how it was put together. I'm trying to set up some 301 redirects, but the htaccess file is being ignored. I have a file named .htaccess in the same directory as our index file, yet it isn't being read.
Our IT department says that AllowOverride in Apache is set to "all," and they suspect that the problem is within ExpressionEngine. Is there a place within ExpressionEngine where htaccess can be enabled/disabled, or is this an Apache thing?
Thanks!
Thanks. Here's what I have in the htaccess file:
# Standard .htaccess file
# Secure .htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
Redirect 301 /index.php/info_resources/sites http://www.cptc.edu/index.php/site_directory/
# Don't show any directory without an index file
Options -Indexes
# Dont list files in index pages
IndexIgnore *
# EE 404 page for missing pages
# May differ depending on where your template is located.
ErrorDocument 404 /index.php?/site/404