Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

restrict directory access using apache  RSS feed

 
Ashutosh Uprety
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
what should I do to restrict a user from getting a directory listing of files when he enters a URL.
Currently if someone types the URL of the site I am developing, then all the files in that directory get listed.
In tomcat, I know that we need to set a restriction in the server.xml file, but using apache+tomcat combi, I am unable to do that.
My config is
Apache+tomcat on win9x
Thanks
 
Jason Menard
Sheriff
Posts: 6450
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The easiest way to do this regardless of what server you are on is to simply put in a blank index.html file, or an index.html file that has some message you want to relay.
 
Ashutosh Uprety
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i am using apache+tomcat.
If someone wants to hack into my code, then all he has to do is to put a "dot" after the jsp name and the whole code comes to the screen. How should i stop this.
Example
if the jsp is password.jsp in the "security" folder, then all I have to do is to type:
"http://servername/proj/security/password.jsp." and the whole code will come up in the browser.
Mind you, there is a "dot" in the end.
Can anyone tell me how to restrict this on apache ???
 
Detlev Beutner
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Try this in http.conf:

Important is /not/ to set "Indexes"; this would allow a directory listing if no index.html (or whatever default file you have declared) exists.
Hope it helps
Detlev
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!