+  planetsuper forums
|-+  Main» Games» Paintball2» File Listing w/Apache
Username:
Password:
Home Arcade
Advanced Search
Login Register
Pages: [1]
« previous next »
  Print  
Author Topic: File Listing w/Apache  (Read 551 times)
jitspoe
Platinum Member
***
Posts: 1511
« on: Dec 28, 2006, 10:17 PM »
I'm trying to make Apache list the contents of a directory.  I created a .htaccess file and added "Options +Indexes", but it's still giving me access denied.  Anybody know how to do this?  I'm trying to get some maps up like dpball.com used to have.
Logged
BALETED!
KnacK
Senior Member
***
Posts: 284
« Reply #1 on: Dec 28, 2006, 10:25 PM »
Do you have a directory full of images or zips that you do not want people to be able to browse through? Typically a server is setup to prevent directory listing, but sometimes they are not. If not, become self-sufficient and fix it yourself:

    IndexIgnore *

The * is a wildcard that matches all files, so if you stick that line into an htaccess file in your images directory, nothing in that directory will be allowed to be listed.

On the other hand, what if you did want the directory contents to be listed, but only if they were HTML pages and not images? Simple says I:

    IndexIgnore *.gif *.jpg

This would return a list of all files not ending in .jpg or .gif, but would still list .txt, .html, etc.

And conversely, if your server is setup to prevent directory listing, but you want to list the directories by default, you could simply throw this into an htaccess file the directory you want displayed:

    Options +Indexes

If you do use this option, be very careful that you do not put any unintentional or compromising files in this directory. And if you guessed it by the plus sign before Indexes, you can throw in a minus sign (Options -Indexes) to prevent directory listing entirely--this is typical of most server setups and is usually configured elsewhere in the apache server, but can be overridden through htaccess.

If you really want to be tricky, using the +Indexes option, you can include a default description for the directory listing that is displayed when you use it by placing a file called HEADER in the same directory. The contents of this file will be printed out before the list of directory contents is listed. You can also specify a footer, though it is called README, by placing it in the same directory as the HEADER. The README file is printed out after the directory listing is printed.


From:
http://www.javascriptkit.com/howto/htaccess11.shtml
Logged
loial21
Senior Member
***
Posts: 284


Live long and prosper
« Reply #2 on: Dec 28, 2006, 10:28 PM »
We use this at work.

Apache Tomcat/5.5.0-dev. 

You could not find it here?
http://wiki.apache.org.



*YARR! Beaten by an old blue thing! Well at least your smarter than the average smurf.
« Last Edit: Dec 28, 2006, 10:30 PM by loial21 » Logged
Peace be onto you and yours forever.

"I do cocaine!!!" - DR. Rockso
http://www.division-usa.com/gallery/displayimage.php?album=2&pos=5
KnacK
Senior Member
***
Posts: 284
« Reply #3 on: Dec 28, 2006, 10:29 PM »
Here's a great cheat sheet from:
http://www.thejackol.com/htaccess-cheatsheet/

Code:
Enable Directory Browsing

Options +Indexes
## block a few types of files from showing
IndexIgnore *.wmv *.mp4 *.avi

Disable Directory Browsing

Options All -Indexes

Customize Error Messages

ErrorDocument 403 /forbidden.html
ErrorDocument 404 /notfound.html
ErrorDocument 500 /servererror.html

Get SSI working with HTML/SHTML

AddType text/html .html
AddType text/html .shtml
AddHandler server-parsed .html
AddHandler server-parsed .shtml
# AddHandler server-parsed .htm

Change Default Page (order is followed!)

DirectoryIndex myhome.htm index.htm index.php

Block Users from accessing the site

<limit GET POST PUT>
order deny,allow
deny from 202.54.122.33
deny from 8.70.44.53
deny from .spammers.com
allow from all
</limit>

Allow only LAN users

order deny,allow
deny from all
allow from 192.168.0.0/24

Redirect Visitors to New Page/Directory

Redirect oldpage.html http://www.domainname.com/newpage.html
Redirect /olddir http://www.domainname.com/newdir/

Block site from specific referrers

RewriteEngine on
RewriteCond %{HTTP_REFERER} site-to-block\.com [NC]
RewriteCond %{HTTP_REFERER} site-to-block-2\.com [NC]
RewriteRule .* - [F]

Block Hot Linking/Bandwidth hogging

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]

Want to show a “Stealing is Bad” message too?

Add this below the Hot Link Blocking code:

RewriteRule \.(gif|jpg)$ http://www.mydomain.com/dontsteal.gif [R,L]

Stop .htaccess (or any other file) from being viewed

<files file-name>
order allow,deny
deny from all
</files>

Avoid the 500 Error

# Avoid 500 error by passing charset
AddDefaultCharset utf-8

Grant CGI Access in a directory

Options +ExecCGI
AddHandler cgi-script cgi pl
# To enable all scripts in a directory use the following
# SetHandler cgi-script

Password Protecting Directories

Use the .htaccess Password Generator and follow the brief instructions!

Change Script Extensions

AddType application/x-httpd-php .gne

gne will now be treated as PHP files! Similarly, x-httpd-cgi for CGI files, etc.

Use MD5 Digests

Performance may take a hit but if thats not a problem, this is a nice option to turn on.

ContentDigest On

The CheckSpelling Directive

From Jens Meiert: CheckSpelling corrects simple spelling errors (for example, if someone forgets a letter or if any character is just wrong). Just add CheckSpelling On to your htaccess file.

The ContentDigest Directive

As the Apache core features documentation says: “This directive enables the generation of Content-MD5 headers as defined in RFC1864 respectively RFC2068. The Content-MD5 header provides an end-to-end message integrity check (MIC) of the entity-body. A proxy or client may check this header for detecting accidental modification of the entity-body in transit.

Note that this can cause performance problems on your server since the message digest is computed on every request (the values are not cached). Content-MD5 is only sent for documents served by the core, and not by any module. For example, SSI documents, output from CGI scripts, and byte range responses do not have this header.”

To turn this on, just add ContentDigest On.

Save Bandwidth

# Only if you use PHP
<ifmodule mod_php4.c>
php_value zlib.output_compression 16386
</ifmodule>

Turn off magic_quotes_gpc

# Only if you use PHP
<ifmodule mod_php4.c>
php_flag magic_quotes_gpc off
</ifmodule>
Logged
jitspoe
Platinum Member
***
Posts: 1511
« Reply #4 on: Dec 28, 2006, 11:03 PM »
Like I said, I already added "Options +Indexes", but it's still giving me the forbidden error.
Logged
BALETED!
XtremeBain
Member
**
Posts: 85
« Reply #5 on: Dec 29, 2006, 12:17 AM »
You need to set 'AllowOverride All' in your apache config within a Directory declaration.

Here's a snippet from one of my vhost sites.

Code:
<Directory "/var/www/fat-sound">
  AllowOverride All
  allow from all
  Options +Indexes
</Directory>

This sets the default to always show indexes, but I can override it with an .htaccess file in case I didn't want listing in a particular folder.

Edit: I know it says it defaults to 'All' but I found with my install of apache2 it was 'hardened' to None by default, and I had to set it manually in each directory.
« Last Edit: Dec 29, 2006, 12:20 AM by XtremeBain » Logged
jitspoe
Platinum Member
***
Posts: 1511
« Reply #6 on: Dec 29, 2006, 01:26 PM »
Thanks, Bain.  I'm guessing I have to restart Apache after I do this?

Edit: Got it.  Now I'm trying to make a symlink to the maps directory that's actually on the server, but it doesn't seem to be showing up.  I tried adding "Options Indexes FollowSymLinks" but it didn't do anything.

Here's what I have:
Code:
<Directory "/var/www/html/files">
    AllowOverride All
    Allow from all
    Options +Indexes
    Options Indexes FollowSymLinks
</Directory>

<Directory "/home/admin/paintball2/pball/maps">
    AllowOverride All
    Allow from all
    Options +Indexes
    Options Indexes FollowSymLinks
</Directory>

In the files directory, there's a link to the maps directory.  It doesn't show up, though:
http://dplogin.com/files/

Edit2: It's also treating .map files as something special.  How do I fix this?
« Last Edit: Dec 29, 2006, 01:47 PM by jitspoe » Logged
BALETED!
XtremeBain
Member
**
Posts: 85
« Reply #7 on: Dec 29, 2006, 02:13 PM »
Quote from: jitspoe on Dec 29, 2006, 01:26 PM
Now I'm trying to make a symlink to the maps directory that's actually on the server, but it doesn't seem to be showing up.  I tried adding "Options Indexes FollowSymLinks" but it didn't do anything.

Make sure the directory and its contents are chmod/chown'd correctly so that apache can access it (apache is probably running as apache:apache).  Or you could just chmod +r the entire folder to make it accessible to all users.

Quote from: jitspoe on Dec 29, 2006, 01:26 PM
Edit2: It's also treating .map files as something special.  How do I fix this?

You're going to have to add/change the .map entry in your /etc/mime.types file.

Alternatively, apache can manage this in .htaccess or httpd.conf using mod_mime
Logged
jitspoe
Platinum Member
***
Posts: 1511
« Reply #8 on: Dec 29, 2006, 02:19 PM »
The folder is already +r'd and +x'd for all users.  I don't see the map extension in the mime.types file.  Apache is treating it as a special file...

http://dplogin.com/files/mapmaking/mapfiles/pbcup_dsm1q.map
Quote
Menu for /files/mapmaking/mapfiles/pbcup_dsm1q.map
[an internal server error occured]
Logged
BALETED!
Pages: [1]
  Print  
Show unread posts since last visit

« previous next »
 
Jump to:  

Powered by SMF 1.1.4 | SMF © 2006-2007, Simple Machines LLC