Prevent Apache from serving .DS_Store files
Authored by: Harold on May 30, '03 11:59:30AM

Even better. Disallow anything starting with a dot.

# Disallow viewing of .DS_Store, .FBCIndex etc.
# These files are internal to MacOSX but are a potential security risk
# so basically we don't allow access to ANYTHING that starts with a dot

<FilesMatch "^\.">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>


Prevent Apache from serving .DS_Store files
Authored by: loucasa on May 30, '03 10:36:21PM

Would any of these suggestions prevent Apache from displaying a directory listing if someone were to try to access http://myipnumber/ or http://myipnumber/~myuserid/ without specifying a file (e.g. index.html) in the url? Or is there a way that I can force a url to the directory to access a specific file or alternates?


Prevent Apache from serving .DS_Store files
Authored by: aaronfaby on May 31, '03 12:42:54AM

Add "-Indexes" to the document root Directory container.

Preventing Apache from listing directory contents
Authored by: newbish on Jun 03, '03 09:26:59AM

Yes, Lou, there is a way!

Apache allows you to tell it what it can or cannot show when it is asked to serve a directory without any index page in it. The details for what else you can ask Apache to do in such a case can be found in the Apache manual. The URL on your computer will be:

The keyword will be "Indexing."

To stop index listings being created, here is the shortcut if you want it right away. First edit the Apache Configuration file, httpd.conf with:

sudo pico /etc/httpd/httpd.conf

And add this block of text to the end of the file:

# Don't allow any files in an index listing of the directory
<Directory /Library/WebServer/Documents/*>
IndexIgnore *
</Directory>
# end of index limiting

I think this will solve your problem in the short run. For more complex matters, you can use the indexing commands in Apache to actually point to a generic index.html should a directory not contain one.

A Far More Elegant Solution
Authored by: newbish on Jun 03, '03 11:56:11AM
Hi, Lou,

Just needed to give myself a minute to come up with something better than my last solution! First I told you to use IndexIgnore * so that Apache's indexing engine would not list any files in the index.

Starting with my previous example, replace IndexIgnore * with this line:

DirectoryIndex index.html /oops.txt

You must also create a text file named oops.txt that contains a message like, "no files here for you to see!" and store it in /Library/WebServer/Documents/. Now anyone surfing to a directory on your machine that contains no index.html will get the message in oops.txt. This will be global for your machine, and I think this is a better solution than what I suggested earlier. Amazing what I can come up with when I RTF. :)

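An added example, not part of any comment above: a local audit that walks a document root and reports what the thread's rules address, namely dot-files (the FilesMatch rule) and directories with no index.html (the ones Apache lists when Indexes is on). The function names, the constructed sample tree and the separate dot-directory report are assumptions of this example.

```python
import os
import tempfile

def audit_docroot(root, index_names=("index.html",)):
    """Return a dict of sorted paths, relative to root, worth reviewing."""
    found = {"dotfiles": [], "dotdirs": [], "no_index": []}
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        # FilesMatch tests only the file's base name, so these are the
        # files a "starts with a dot" rule would refuse to serve.
        for name in filenames:
            if name.startswith("."):
                found["dotfiles"].append(os.path.normpath(os.path.join(rel, name)))
        # Files *inside* a dot-directory have ordinary base names, so a
        # FilesMatch rule does not cover them; report the directory itself.
        for name in dirnames:
            if name.startswith("."):
                found["dotdirs"].append(os.path.normpath(os.path.join(rel, name)))
        dirnames[:] = [d for d in dirnames if not d.startswith(".")]
        # No index file here: Apache builds a listing unless Indexes is off
        # or DirectoryIndex names a fallback document.
        if not any(n in filenames for n in index_names):
            found["no_index"].append(rel)
    return {key: sorted(paths) for key, paths in found.items()}

def build_sample_tree(root):
    """Constructed sample document root for the demo (not from the thread)."""
    layout = ["index.html", ".DS_Store", "photos/a.jpg",
              "photos/.DS_Store", "docs/index.html", ".git/config"]
    for path in layout:
        full = os.path.join(root, *path.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_docroot(root)

if __name__ == "__main__":
    for label, paths in demo().items():
        print(label, paths)
```

To check a real server, call audit_docroot with the document root used in the thread, /Library/WebServer/Documents.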