Directory Browsing

xcensus

Verified User
Joined
Sep 4, 2003
Messages
52
directory browsing is on. So that someone can type a path to a folder and see its contents. That’s bad. I don’t want to have to password protect it because I want to link to certain files directly within that folder. My current host has an option to turn off directory browsing and I don’t see one here.

How do I turn the ability to browse directories off ?

Thanx
 
xcensus said:
directory browsing is on. So that someone can type a path to a folder and see its contents. That’s bad. I don’t want to have to password protect it because I want to link to certain files directly within that folder. My current host has an option to turn off directory browsing and I don’t see one here.
Directory browsing is set in the sererwide /httpd.conf file.

We leave ours to not allow directory browsing; while I'm not sure, I've always thought that was the DirectAdmin default.
How do I turn the ability to browse directories off ?
If you don't own your own copy of DirectAdmin you might want to mention it to your hosting company; they might want to turn off directory browsing for everyone and require you to use .htaccess; that's a more secure option.

Jeff
 
Last edited:
Note: I think that with ~username, browsing is on and via domain.com it's off. I've changed our defaut httpd.conf to set "Options -Indexes" (no browsing) in the <Directotry /home/*> setting.

John
 
now this is set by default in Directadmin
Our dedicated suer wants direcotry browsing.

how do we turn that off. If we change it will it revert back on upgrades to DA?
 
What's a "dedicated user"?

Do you mean he has his own system?

If so, you or he can create a template file to change how httpd.conf fill be written; I don't remember right now how to do it, but you can probably find it in these forums or on the "http://help.directadmin.com/" website.

If not, then your client can always create an .htaccess file in each public_html with

Options +Indexes

Jeff
 
If you make the modification to the users httpd.conf file it will reset anytime the user uses DA to change his apache, domain etc settings.
 
Back
Top