Apache 2.0.51 on FC2
Daniel B. Thurman
dant at cdkkt.com
Wed Nov 17 02:35:21 UTC 2004
Hi folks,
I have searched everywhere to for information on how to make all
of my directories non-browsable by default whereever default indexes
do not exist. From what I can tell, I am supposed to either supply
empty
default index files with no content (index.html) or to add a .htaccess
file
in every directory with one both of the following entries:
1) Options -Indexes
2) deny from all
>From my testing, it seems to work going into the forward direction
but not in the reverse direction.
For example:
http://www.foobar.com/dir1/dir2/
a) www.foobar.com has a default index file
b) dir1 does not have a default index file but has .htaccess file
c) dir2 does not have a default index file but has .htaccess file
Testing I got this:
1. http://www.foobar.com
** SUCCESS Page is displayed (and no directory exposure)
2. http://www.foobar.com/dir1
** SUCCESS: "FORBIDDEN" message appears (no directory exposure)
3. http://www.foobar.com/dir1/dir2
** SUCCESS: "FORBIDDEN" message appears (no directory exposure)
4. http://www.foobar.com/dir1/dir2 <<<<< backspace to get:
http://www.foobar.com/dir1
** FAIL! Directory and its contents are EXPOSED!
Please tell me if this is a bug or that I am doing *something*
wrong.....
Best regards,
Dan
More information about the fedora-list
mailing list