How to prevent directory browsing? - linux

I wanted to disable directory browsing on my Apache server. I changed my /etc/httpd/conf/httpd.conf file to remove Indexes:
# Comment out old:
# Options Indexes FollowSymLinks
# New:
Options FollowSymLinks
I restarted Apache with apachectl -k restart.
However, this doesn't work as the directory listing is still possible.
I am running CentOS 5.8 Linux and Plesk 11.
What to do?

I think you are looking for the Indexes option:
Options All -Indexes
You can simply put this line into .htaccess in your www root or in whatever folder you want all subfolders to deny listings.
or in httpd.conf:
<Directory /var/www>
Options -Indexes
</Directory>

Related

Apache RewriteEngine On causes 403 error

I have a Linux box running CentOS 6.6 with Apache 2.2.x.
For some unknown reason, turning on the rewrite engine causes a 403 error (this happens whether I add a rewrite rule or not).
I have spent hours researching this and have made changes to my config in accordance with advice I have found in many places, but still got nowhere.
Currently in my .htaccess I have this:
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
</IfModule>
In the directives for the virtual host, I have this:
DocumentRoot /var/www/html/example.uk
<Directory /var/www/html/example.uk>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ServerName example.uk
ServerAlias www.example.uk
(This seems to work on a Debian box, but not on my CentOS machine.)
In my httpd.conf I have changed
AllowOverride None
to
AllowOverride All
my httpd.conf also contains
LoadModule rewrite_module modules/mod_rewrite.so
Error log says:
Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /var/www/html/example.uk
Now, I have previously added SymLinksIfOwnerMatch to the directives, but it didn't solve the problem.
I followed this and all seemed to go as it should.
This happens when Apache doesn't have execute rights for
/var
/var/www
/var/www/html
/var/www/html/example.uk
Run:
chmod o+x /var /var/www /var/www/html /var/www/html/example.uk
Since Apache version >= 2.4, the directive
Order allow,deny
allow from all
leads to a global 403. To confirm this, check your Apache log:
[Tue May 05 11:54:32.471679 2015] [authz_core:error] [pid 9497] [client 127.0.0.1:35908] AH01630: client denied by server configuration: /path/to/web/
Comment out the Order directive and add Require all granted, like below:
Require all granted
#Order allow,deny
#allow from all
Hope this helps.
Edit:
Explanation from Apache:
This behaviour is provided by the new module mod_authz_host.
For the list of available restrictions (IP, host, etc.), see http://httpd.apache.org/docs/2.4/en/mod/mod_authz_host.html
You should remove this line from htaccess
Options +FollowSymLinks
You already have it in the Apache vhost file. Also, you should add a rule if you're going to turn on mod_rewrite, or there is no point in turning it on.
Another possibility with Apache 2.4 is caused by Options -FollowSymlinks which will also throw a 403 error and generate the following log:
AH00670: Options FollowSymLinks and SymLinksIfOwnerMatch are both off,
so the RewriteRule directive is also forbidden due to its similar
ability to circumvent directory restrictions
This was not the case in the original post, but if it comes up you would need to re-enable FollowSymLinks using this line:
Options +FollowSymLinks

apache mod_rewrite not working with .htaccess file

OK, I've been having some issues with aws or something, such that I cannot seem to get mod_rewrite to work.
Just for testing purposes I've done the following:
1 used aws console to deploy fresh ami 64 bit instance from wizard
2 yum installed apache
3 edited /etc/httpd/conf/httpd.conf:
so that
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
looks like
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
4 made sure that
LoadModule rewrite_module modules/mod_rewrite.so
is in the file and uncommented.
5 restarted apache:
sudo /sbin/service httpd restart
6 created two new files:
/var/www/html/test1.html
contains:
this is test1!
/var/www/html/test2.html
contains:
this is test2!
7 created file:
/var/www/html/.htaccess
contains (IN TOTAL):
RewriteEngine on
RewriteRule ^test1\.html$ test2.html [L]
8 went to:
http://[my aws server]/test1.html
Am getting "this is test1!"
I am doing something wrong here, but for the life of me I have no idea what. Any help is greatly appreciated...
EDIT: I added nonsense chars/numbers to the beginning of my .htaccess file, and restarted apache (not 100% sure that is needed, but what the hey...), and nothing happened. In other words, I expected that going to the url [aws server]/test1.html would result in some kind of error, but it did not. I suspect apache is not even reading the .htaccess file.
EDIT: I added the following to my httpd.conf file:
RewriteLog "/tmp/rewrite.log"
RewriteLogLevel 9
The file is created when I restart apache, but nothing ever goes in there when I go to either page I've set up. I'm failing to do something very, very basic here, but I'm not sure what...
Not sure if this is the cause of your problems, but you shouldn't mess with the
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
line, and it should be something like:
<Directory />
Options FollowSymLinks
AllowOverride None
Deny from all
</Directory>
You should add the directory of your document root as a different container:
<Directory /var/www/html/>
Options FollowSymLinks
AllowOverride All
Allow from all
</Directory>
Took me a while to find this but in some installs Apache will use multiple config files.
Look in "/etc/apache2/sites-enabled/000-default" and check that AllowOverride is set to All.
Try it. This worked for me.
First, you need to make sure the .htaccess file is in the correct directory.
To do this, go to the sites-enabled folder and check which .conf files are enabled.
cd /etc/apache2/sites-enabled
ls
Ex: 000-default.conf
Then, go to the sites-available folder to edit that .conf file.
cd ../sites-available
sudo gedit 000-default.conf
Find DocumentRoot and check the directory again.
If you put the .htaccess file at /var/www/html/.htaccess, this line should look like this:
DocumentRoot /var/www/html/
Second, you need to modify the <Directory> block to look like this.
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
#RedirectMatch ^/$ /apache2-default/
</Directory>
Finally, save the file and restart Apache:
service apache2 restart
Hope this helps!

.htaccess not being read

I am trying to redirect my home page or any other page on the site to a particular PHP page.
This is my .htaccess:
Redirect 301 http://test.com/info http://test.com/get_forms_data.php
Options +FollowSymlinks
RewriteEngine ON
RewriteRule ^test.php$ http://test.com/get_forms_data.php [R=301,L]
I have checked my Apache server; rewrite is enabled.
It still doesn't work.
If no matter what you put into your .htaccess file, you don't even get an error, that means that you probably need to have
AllowOverride All
set in your site configuration.
If you're on ubuntu, the place to look for the configuration is /etc/apache2/sites-available/. There you should find a file called default if this is a stock install of the default LAMP stack (https://help.ubuntu.com/community/ApacheMySQLPHP).
The key part there is this:
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
Now change AllowOverride None to AllowOverride All. After that don't forget to restart your apache like so:
$ service apache2 restart
As an addition to Morgan's answer, putting AllowOverride All in your virtual host is sometimes not enough. I had this in my virtual host:
<VirtualHost *:80>
...
<Directory />
...
AllowOverride All
...
</Directory>
</VirtualHost>
You would expect this to work, wouldn't you? <Directory /> means it should be applied everywhere on the file system. But .htaccess was still being ignored. Restarting the server did not help. I put junk in the .htaccess file to confirm it was not being read.
My mistake was assuming a virtual host overrides the global configuration. Kind of it does: my above configuration overrides any global settings for the / directory. But the global configuration overrides it back for /var/www/ and below. My fix is:
<VirtualHost *:80>
...
<Directory /var/www>
...
AllowOverride All
...
</Directory>
</VirtualHost>
(this assumes none of the other configuration needed to apply outside /var/www; if it does, make a separate <Directory /> block for just that special configuration.)
I was struggling with the same problem, and Darren Cook's answer gave me the definitive clue to find the solution.
My app was in some folder outside the public www path, let's say in /opt/my_app.
I couldn't create a VirtualHost, so I created a symlink in Apache's public www pointing to my folder:
/var/www/html/my_app -> /opt/my_app
The thing is, in my App's Apache config file, I was specifying:
<Directory /opt/my_app>
AllowOverride All
</Directory>
And my .htaccess file wasn't being read. Then I saw that in Apache's configuration there was this:
<Directory /var/www/html>
AllowOverride None
</Directory>
Then I realised that Apache config files do not care about symlinks, and therefore the general rule was being applied to my app's folder. I changed Directory to:
<Directory /var/www/html/my_app>
AllowOverride All
</Directory>
And everything worked.
If redirection doesn't work in spite of updating apache2.conf
According to the accepted answer, I updated AllowOverride None to AllowOverride All in the apache2.conf file; however, redirection via the .htaccess file was still not working for me!
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
# did not work in spite of setting to "All"
AllowOverride All
Order allow,deny
allow from all
</Directory>
What worked for me...
I also had to enable module redirection:
# enable module redirection
sudo a2enmod rewrite
Of course, do not forget to restart your Apache server for the changes to take effect.
Reference
Assuming /var/www/html is the working directory:
Change from AllowOverride None to AllowOverride All
<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>

easyphp and .htaccess

I need help with EasyPHP and .htaccess.
The .htaccess file isn't working; I think it's because I didn't set up something with EasyPHP.
My EasyPHP version is 5.3.8.1.
Maybe someone knows how to fix this problem?
.htaccess file:
Options +FollowSymlinks
RewriteEngine on
RewriteRule ^get/([^/]+) /func/get.php?link=$1 [NC]
The default installation of Apache in EasyPHP doesn't have the option to use .htaccess files to modify server configuration in folders activated.
You have to tell Apache what configuration can be changed with .htaccess files, and in which folder. To enable all config changes on the main web server, you should edit httpd.conf (in the Apache/conf folder), and look for:
<Directory "${path}/www">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
and change
AllowOverride None
to
AllowOverride All
To better fine tune it, read documentation about AllowOverride in:
http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride
Also, check that httpd.conf has mod_rewrite activated; look for:
#LoadModule rewrite_module modules/mod_rewrite.so
And remove the leading "#"
LoadModule rewrite_module modules/mod_rewrite.so
When working on a local website I fixed this problem by adding the website path (with the .htaccess) as a virtual host. EasyPHP has got a module for this: 'Virtual Hosts Manager'. This will automatically take care of the httpd.conf.

How to disable directory indexing from apache2 when going to the server's root?

I need to disable that indexing when I enter my root directory on an apache2 server, any tips?
Edit your apache2 configuration file, which is normally at "/etc/apache2/httpd.conf".
Add the following, or edit it if you already have some configuration for the default web server dir (/var/www):
<Directory /var/www>
Options -Indexes
AllowOverride All
Order allow,deny
Allow from all
</Directory>
This will disable the indexing to all the public directories.
Usually done like this:
Options -Indexes
The minus means "no"...
If it's only one directory that you want to protect from viewing contents, you can also just add an index.html or index.php that will show whenever someone browses to that directory.
sudo nano /etc/apache2/apache2.conf
Locate this section <Directory /var/www/> in the file
Add a minus to Indexes (Denied)
Add a plus to FollowSymLinks
Result :
<Directory /var/www/>
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Works in Raspbian
You'll get the message: "You don't have permission to access "Directory" on this server."
If you have the a2dismod utility on your distro you can remove the module entirely if you don't need directory indexes at all:
sudo a2dismod --force autoindex
Use the --force or -f flag to avoid the following warning:
WARNING: The following essential module will be disabled.
This might result in unexpected behavior and should NOT be done
unless you know exactly what you are doing!
autoindex
To continue type in the phrase 'Yes, do as I say!' or retry by passing '-f': Yes, do as I say!
Module autoindex disabled.
To activate the new configuration, you need to run:
systemctl restart apache2
Here are the docs for mod_autoindex
Make sure that you also add -Indexes to the config files in your sites-enabled (or sites-available as it was in my case) directory, they're usually inside the "/etc/apache2/" directory.
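Several answers above come down to the same point: removing Indexes or setting AllowOverride in one <Directory> block has no effect when a longer matching path elsewhere sets it back. The following added example (not code from any of the posts) computes the effective Options and AllowOverride for a path by merging <Directory> sections shortest path first. It assumes literal paths only (no regex or wildcard sections), Apache 2.4 built-in defaults, and a constructed sample configuration.

```python
import re
from pathlib import PurePosixPath

ALL = {"indexes", "includes", "followsymlinks", "symlinksifownermatch", "execcgi"}

# Constructed sample: global config followed by a vhost, in load order.
SAMPLE_CONF = """
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /var/www>
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
<VirtualHost *:80>
    <Directory />
        Options -Indexes
        AllowOverride All
    </Directory>
</VirtualHost>
"""

def parse_directory_sections(conf):
    """Return [(path, {directive: [args, ...]})] for literal-path <Directory> blocks."""
    sections = []
    pattern = r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>'
    for path, body in re.findall(pattern, conf, re.S | re.I):
        found = {}
        for line in body.splitlines():
            words = line.split()
            if words and words[0].lower() in ("options", "allowoverride"):
                found.setdefault(words[0].lower(), []).append(words[1:])
        sections.append((PurePosixPath(path), found))
    return sections

def effective(conf, target):
    """Effective (Options, AllowOverride) for a filesystem path as Apache reaches it."""
    target = PurePosixPath(target)
    hits = [s for s in parse_directory_sections(conf)
            if s[0] == target or s[0] in target.parents]
    hits.sort(key=lambda s: len(s[0].parts))  # shortest path first; ties keep file order
    options, override = {"followsymlinks"}, "None"  # assumed Apache 2.4 built-in defaults
    for _, found in hits:
        for args in found.get("options", []):
            if not all(a[0] in "+-" for a in args):
                options = set()  # an unsigned keyword replaces the inherited set
            for a in (x.lower() for x in args):
                names = ALL if a.lstrip("+-") == "all" else {a.lstrip("+-")}
                options = options - names if a[0] == "-" else options | names
            options.discard("none")
        for args in found.get("allowoverride", []):
            override = " ".join(args)  # the last matching section wins
    return sorted(options), override
```

For the sample, effective(SAMPLE_CONF, "/var/www/html") still reports indexes enabled and AllowOverride None, because the global /var/www section is applied after both / sections. Pass the path as it is reached through DocumentRoot, not a symlink's target.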
