: Is the context for the Apache2 Options command varying depending on the flags used? As I was testing various things to make sure my Apache installation was as secure as possible, I decided
As I was testing various things to make sure my Apache installation was as secure as possible, I decided check whether I would see a directory list of files. So I created a test directory and added a couple of files:
/var/www/domain/public_html/test
/var/www/domain/public_html/test/a.txt
/var/www/domain/public_html/test/b.txt
To my surprise, when I went to that test directory, I saw a.txt and b.txt listed.
I went back to my setup file and I did have the Options -Indexes setup, so I was wondering why I would see the files a.txt and b.txt
Only my setup looked like this:
<VirtualHost domain:80>
...
Options -Indexes
...
</VirtualHost>
Looking at the documentation for the Options command, it clearly says:
Context: server config, virtual host, directory, .htaccess
Yet, when I put that specific option directly at the VirtualHost level, it does not do anything.
I changed the setup to move the Options in a Directory tag and it works.
<VirtualHost domain:80>
...
<Directory "/var/www/domain/public_html/">
Options -Indexes
</Directory>
...
</VirtualHost>
Is that just a big Gotcha!? Something that one needs to know about to avoid NOT turning off the option one wants to turn off???
More posts by @Angela700
2 Comments
Sorted by latest first Latest Oldest Best
You can use Options -Indexes directly in the VirtualHost container. However, whether it will have the desired effect when defined here or not will depend on whether Options have been defined anywhere else in the server config. For instance, any <Directory> sections defined anywhere else (that relate to the directory being accessed) are likely to override this, since they are processed later in the request.
Options defined directly in the VirtualHost container will only override Options defined directly in the server config.
Since the Options directive "controls which server features are available in a particular directory", it is far more common to see this in <Directory> containers. Defining Options directly in the server config / VirtualHost is only suitable for defining a base default. However, it is common to see defaults set in a <Directory /> container in the server config which will control the entire server - an Options directive here would override any Options declared directly in the VirtualHost. (Note that "server defaults" should not be declared with the +/- prefixes, so will not be merged.)
The Apache documentation linked to in the question refers to Apache 2.4. On Apache 2.4 Indexes are not enabled by default (default: Options FollowSymLinks), so for this to be enabled on the server at all it must be explicitly defined somewhere.
On Apache 2.2 Indexes are enabled by default (default: Options All), but this can be overridden in the VirtualHost container (providing it is not defined elsewhere).
I have encountered this problem in the past. Based on the help documentation strictly speaking the options -indexes directive should work in the main vhost block but in my experience and based on all examples available on how to use this directive when dealing with disabling directory indexing the directive has to be within the <Directory ""></Directory> block in the vhost file.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.