# [SOLVED] Apache2 - disabling directory index

## avx

I know this is maybe a stupid question, but searching the forums and the apache-docs didn't solve it yet  :Sad: 

Right now, I'm setting up an web-server at home, which should run under apache(2), so I did an 

```
emerge apache
```

, waited until it finished and startet the server via 

```
/etc/init.d/apache2 start
```

.

I'm using the default-config(delivered by Gentoo) for starters and I expected the following behaviour:

localhost -> localhost/index.html -> Apache-Welcome-Page (works as expected)

Now I created a directory

```
mkdir /var/www/localhost/htdocs/test
```

 and within an testfile

```
echo "just a test" > /var/www/localhost/htdocs/test/test.html
```

What I want:

localhost/test/ -> 403 Forbidden -> this doen't work, instead I get the directory-listing showing test.html

localhost/test/test.html -> shows test.html as expected

So, I've read about "Options -Indexes" and entered it to the config at the needed place, restartet apache but it still doesn't work.

So, how do I fix this?

tia,

phLast edited by avx on Wed Nov 08, 2006 12:09 am; edited 1 time in total

----------

## Hagar

It should work.

Where did you add it?

----------

## avx

```
cat /etc/apache/httpd.conf | grep -v "#"
```

```
ServerType standalone

ServerRoot "/usr/lib/apache"

PidFile /var/run/apache.pid

ScoreBoardFile /var/run/apache.scoreboard

ResourceConfig /dev/null

AccessConfig /dev/null

Timeout 300

KeepAlive On

MaxKeepAliveRequests 100

KeepAliveTimeout 15

MinSpareServers 5

MaxSpareServers 10

StartServers 5

MaxClients 150

MaxRequestsPerChild 0

Listen 80

LoadModule access_module                  modules/mod_access.so

LoadModule auth_module                    modules/mod_auth.so

LoadModule anon_auth_module               modules/mod_auth_anon.so

LoadModule dbm_auth_module                modules/mod_auth_dbm.so

LoadModule db_auth_module                 modules/mod_auth_db.so

LoadModule digest_module                  modules/mod_digest.so

LoadModule digest_auth_module             modules/mod_auth_digest.so

LoadModule env_module                     modules/mod_env.so

LoadModule expires_module                 modules/mod_expires.so

LoadModule headers_module                 modules/mod_headers.so

LoadModule mime_module                    modules/mod_mime.so

LoadModule negotiation_module             modules/mod_negotiation.so

LoadModule setenvif_module                modules/mod_setenvif.so

LoadModule config_log_module              modules/mod_log_config.so

LoadModule agent_log_module               modules/mod_log_agent.so

LoadModule referer_log_module             modules/mod_log_referer.so

LoadModule cgi_module                     modules/mod_cgi.so

LoadModule alias_module                   modules/mod_alias.so

LoadModule rewrite_module                 modules/mod_rewrite.so

<IfDefine USERDIR>

    LoadModule userdir_module             modules/mod_userdir.so

</IfDefine>

<IfDefine INFO>

    LoadModule info_module                modules/mod_info.so

</IfDefine>

LoadModule action_module                  modules/mod_actions.so

LoadModule autoindex_module               modules/mod_autoindex.so

LoadModule dir_module                     modules/mod_dir.so

LoadModule status_module                  modules/mod_status.so

LoadModule includes_module                modules/mod_include.so

<IfDefine PROXY>

   LoadModule proxy_module                   modules/libproxy.so

</IfDefine>

Include /etc/apache/modules.d/*.conf

Port 80

User apache

Group apache

ServerAdmin ph030@ph030.de

<Directory />

    Options -Indexes FollowSymLinks

    AllowOverride None

</Directory>

<IfModule mod_userdir.c>

    UserDir public_html

    <Directory /home/*/public_html>

        AllowOverride FileInfo AuthConfig Limit

        Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

        <Limit GET POST OPTIONS PROPFIND>

            Order allow,deny

            Allow from all

        </Limit>

        <LimitExcept GET POST OPTIONS PROPFIND>

            Order deny,allow

            Deny from all

        </LimitExcept>

    </Directory>

</IfModule>

DirectoryIndex index.html

AccessFileName .htaccess

<Files ~ "^\.ht">

    Order allow,deny

    Deny from all

    Satisfy All

</Files>

UseCanonicalName Off

<IfModule mod_mime.c>

    TypesConfig /etc/mime.types

</IfModule>

DefaultType text/plain

<IfModule mod_mime_magic.c>

    MIMEMagicFile /etc/apache/magic

</IfModule>

HostnameLookups Off

ErrorLog logs/error_log

LogLevel warn

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

LogFormat "%h %l %u %t \"%r\" %>s %b" common

LogFormat "%{Referer}i -> %U" referer

LogFormat "%{User-agent}i" agent

CustomLog logs/access_log common

ServerSignature On

<IfModule mod_alias.c>

    Alias /icons/ "/var/www/localhost/icons/"

    <Directory "/var/www/localhost/icons">

        Options Indexes MultiViews

        AllowOverride None

        Order allow,deny

        Allow from all

    </Directory>

    ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/"

    ScriptAlias /protected-cgi-bin/ /var/www/localhost/protected-cgi-bin/

    <Directory "/var/www/localhost/cgi-bin">

        AllowOverride None

        Options None

        Order allow,deny

        Allow from all

    </Directory>

</IfModule>

<IfModule mod_autoindex.c>

    IndexOptions FancyIndexing

    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

    AddIconByType (TXT,/icons/text.gif) text/*

    AddIconByType (IMG,/icons/image2.gif) image/*

    AddIconByType (SND,/icons/sound2.gif) audio/*

    AddIconByType (VID,/icons/movie.gif) video/*

    AddIcon /icons/binary.gif .bin .exe

    AddIcon /icons/binhex.gif .hqx

    AddIcon /icons/tar.gif .tar

    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv

    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip

    AddIcon /icons/a.gif .ps .ai .eps

    AddIcon /icons/layout.gif .html .shtml .htm .pdf

    AddIcon /icons/text.gif .txt

    AddIcon /icons/c.gif .c

    AddIcon /icons/p.gif .pl .py

    AddIcon /icons/f.gif .for

    AddIcon /icons/dvi.gif .dvi

    AddIcon /icons/uuencoded.gif .uu

    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl

    AddIcon /icons/tex.gif .tex

    AddIcon /icons/bomb.gif core

    AddIcon /icons/back.gif ..

    AddIcon /icons/hand.right.gif README

    AddIcon /icons/folder.gif ^^DIRECTORY^^

    AddIcon /icons/blank.gif ^^BLANKICON^^

    DefaultIcon /icons/unknown.gif

    ReadmeName README.html

    HeaderName HEADER.html

</IfModule>

<IfModule mod_mime.c>

    AddLanguage da .dk

    AddLanguage nl .nl

    AddLanguage en .en

    AddLanguage et .ee

    AddLanguage fr .fr

    AddLanguage de .de

    AddLanguage el .el

    AddLanguage he .he

    AddCharset ISO-8859-8 .iso8859-8

    AddLanguage it .it

    AddLanguage ja .ja

    AddCharset ISO-2022-JP .jis

    AddLanguage kr .kr

    AddCharset ISO-2022-KR .iso-kr

    AddLanguage nn .nn

    AddLanguage no .no

    AddLanguage pl .po

    AddCharset ISO-8859-2 .iso-pl

    AddLanguage pt .pt

    AddLanguage pt-br .pt-br

    AddLanguage ltz .lu

    AddLanguage ca .ca

    AddLanguage es .es

    AddLanguage sv .sv

    AddLanguage cs .cz .cs

    AddLanguage ru .ru

    AddLanguage zh-TW .zh-tw

    AddCharset Big5         .Big5    .big5

    AddCharset WINDOWS-1251 .cp-1251

    AddCharset CP866        .cp866

    AddCharset ISO-8859-5   .iso-ru

    AddCharset KOI8-R       .koi8-r

    AddCharset UCS-2        .ucs2

    AddCharset UCS-4        .ucs4

    AddCharset UTF-8        .utf8

    <IfModule mod_negotiation.c>

        LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw

    </IfModule>

    AddType application/x-tar .tgz

    AddEncoding x-compress .Z

    AddEncoding x-gzip .gz .tgz

</IfModule>

<IfModule mod_setenvif.c>

    BrowserMatch "Mozilla/2" nokeepalive

    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0

    BrowserMatch "RealPlayer 4\.0" force-response-1.0

    BrowserMatch "Java/1\.0" force-response-1.0

    BrowserMatch "JDK/1\.0" force-response-1.0

</IfModule>

<IfDefine INFO>

    <Location /server-info>

        SetHandler server-info

        Order deny,allow

        Deny from all

        Allow from localhost

   </Location>

</IfDefine>

Include /etc/apache/vhosts.d/*.conf
```

Don't know, if it's important, but:

```
[#][/var/www/localhost/htdocs] ls -l *

-rw-r--r-- 1 apache apache 2414  7. Nov 21:39 apache_pb2.gif

-rw-r--r-- 1 apache apache 2326  7. Nov 21:39 apache_pb.gif

-rw-r--r-- 1 apache apache 1443  7. Nov 21:39 index.html

test:

insgesamt 4

-rw-r--r-- 1 apache apache 12  8. Nov 00:41 test.html
```

Thx for your help so far.

ph

----------

## Hagar

I'll give you an example of why it doesn't work.

Take the following pieces of your config:

```

<Directory />

    Options -Indexes FollowSymLinks

    AllowOverride None

</Directory>

    <Directory "/var/www/localhost/icons">

        Options Indexes MultiViews

        AllowOverride None

        Order allow,deny

        Allow from all

    </Directory> 
```

You disable it for / and then re enable it for /var/www/localhost/icons

What does that tell you?

```
Include /etc/apache/vhosts.d/*.conf
```

That's where you should be looking.

----------

## avx

 *Quote:*   

> That's where you should be looking.

 

Oh well, I absolutely didn't thought about looking there  :Embarassed: 

Thank you very much.

cheers,

ph

[SOLVED!]

----------

## Dr. Frankenbox

On an Apache install I've had for a while, I recently noticed that despite this directive in httpd.conf:

```
<Directory />

    Options FollowSymLinks -Indexes

    AllowOverride None

</Directory>

```

Apache still insists on generating directory listings for every directory without an index.[html|php].  What could be overriding this directive?  I've searched the entire file (httpd.conf), and this is the only place that the word "Indexes" occurs.

----------

## nixnut

merged above post here.

----------

## Dr. Frankenbox

I'm sorry, I don't understand what you're saying.  Are you telling me to start a new thread since this one is closed?

----------

## chillmaster

Trying to disable directory indexes... any idea why this isnt working?

```

<VirtualHost 111.111.111.111:80>

    ServerName domain.net

    ServerAlias domain.net www.domain.net

    DocumentRoot /home/user/vhosts/domain.net/htdocs

    CustomLog /home/user/vhosts/domain.net/logs/access_log combined

    ErrorLog /home/user/vhosts/domain.net/logs/error_log

    ScriptAlias /cgi-bin/ /home/user/vhosts/domain.net/cgi-bin/

    XBitHack on

    <Directory /home/user/vhosts/domain.net/htdocs>

        AllowOverride All

        Options -FollowSymLinks -Indexes

        Order allow,deny

        Allow from all

    </Directory>

    <IfModule itk.c>

        AssignUserID user user

        MaxClientsVHost 50

    </IfModule>

        RewriteEngine          on

        # Block TRACK and TRACE methods

        ReWriteCond %{REQUEST_METHOD} ^TRACE

        RewriteRule .* - [F]

</VirtualHost>

```

Any help would be appreciated...

```
hackdmz magari # apache2 -V

Server version: Apache/2.2.8 (Unix)

Server built:   Feb  4 2008 08:11:01

Server's Module Magic Number: 20051115:11

Server loaded:  APR 1.2.11, APR-Util 1.2.10

Compiled using: APR 1.2.11, APR-Util 1.2.10

Architecture:   32-bit

Server MPM:     ITK

  threaded:     no

    forked:     yes (variable process count)

Server compiled with....

 -D APACHE_MPM_DIR="server/mpm/experimental/itk"

 -D APR_HAS_SENDFILE

 -D APR_HAS_MMAP

 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)

 -D APR_USE_SYSVSEM_SERIALIZE

 -D APR_USE_PTHREAD_SERIALIZE

 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT

 -D APR_HAS_OTHER_CHILD

 -D AP_HAVE_RELIABLE_PIPED_LOGS

 -D DYNAMIC_MODULE_LIMIT=128

 -D HTTPD_ROOT="/usr"

 -D SUEXEC_BIN="/usr/sbin/suexec"

 -D DEFAULT_PIDLOG="/var/run/httpd.pid"

 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"

 -D DEFAULT_LOCKFILE="/var/run/accept.lock"

 -D DEFAULT_ERRORLOG="logs/error_log"

 -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"

 -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"

```

----------

## kashani

Try swapping the order on these lines

```

   Options -FollowSymLinks -Indexes 

   AllowOverride All
```

Also make sure that you are actually ending up in the right vhost.

kashani

----------

## gerdesj

According to the manual:

Indexes

    If a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory.

Now, if you have turned off indexes with -Indexes then the only thing left is index.html.  Or things are not quite what they seems ...

Cheers

Jon

----------

## chillmaster

Swapped those two lines to...

```
<Directory /home/user/vhosts/domain.net/htdocs>

        Options -FollowSymLinks -Indexes

        AllowOverride All

        Order allow,deny

        Allow from all

    </Directory>

```

Still no go...

I see mod_autoindex in /etc/apache2/modules.d, but its an IfModule and I don't see it declared anywhere else.Last edited by chillmaster on Thu May 01, 2008 1:09 am; edited 1 time in total

----------

## chillmaster

err... my bad

```
 <Directory /home/user/vhosts/domain.net/htdocs>

        AllowOverride All

        Options -FollowSymLinks -Indexes

        Order allow,deny

        Allow from all

    </Directory>

```

still no go..

----------

## HitMaker

Ok, I've tried the following to prevent DirectoryIndex:

1- Created I .htaccess in /var/www with

"Options -Indexes"

2- Modified the /etc/apache2/modules.d/00_default_settings.conf with the 

<Directory "/var/www/testdir">

Options -Indexes

</Directory>

And both of them didn't work, I've to created a blank  index.html page in /var/www/localhost/htdocs/   :Rolling Eyes:   :Rolling Eyes: 

Either +Indexes now doesn't work and shows the blank index page   :Crying or Very sad: 

Where do i Have to put it?

----------

## nixnut

merged above post here

or maybe this helps: https://forums.gentoo.org/viewtopic-t-543683-highlight-apache+indexes.html

----------

