: Force directory listing even if index.html is present I have some files in my /www/ directory. Is it true that by simply putting an index.html into that directory, the rest of the files are
I have some files in my /www/ directory. Is it true that by simply putting an index.html into that directory, the rest of the files are now "protected from public"? Could an outside hacker still force directory listing or gain access to those files? How would they do it if it were possible?
I'm aware of the ways to make my filesystem secure, but I was wondering to what extent does just putting an index file have on protecting files/directory listing.
More posts by @Cody1181609
1 Comments
Sorted by latest first Latest Oldest Best
If you are using apache, and you have a index file specified (which is present), there is no way to trick apache into not using the index file. It will simply cause a 404.
Some frameworks put a index.php file into every single directory, with as little content as this:
<?php
// silence is golden
?>
The simple reason to actually put a file, is that although most (95%) webservers outthere are apache, there are a few, that arent. A few of these does not support .htaccess settings, that commonly is used to deny directory listing.
The directory view you are seeing is most likely caused by the option Indexes option in your website, and be easily disabled by removing it totally, or creating a .htaccess file with the following contents:
Options -Indexes
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.