Apache 2.0.51 on FC2

Daniel B. Thurman dant at cdkkt.com
Wed Nov 17 02:35:21 UTC 2004


Hi folks,

I have searched everywhere to for information on how to make all
of my directories non-browsable by default whereever default indexes
do not exist.  From what I can tell, I am supposed to either supply
empty
default index files with no content (index.html) or to add a .htaccess
file
in every directory with one both of the following entries:

1) Options -Indexes
2) deny from all

>From my testing, it seems to work going into the forward direction
but not in the reverse direction.

For example:

http://www.foobar.com/dir1/dir2/

a) www.foobar.com has a default index file
b) dir1 does not have a default index file but has .htaccess file
c) dir2 does not have a default index file but has .htaccess file

Testing I got this:
1. http://www.foobar.com
** SUCCESS  Page is displayed (and no directory exposure)
2. http://www.foobar.com/dir1
** SUCCESS: "FORBIDDEN" message appears (no directory exposure)
3. http://www.foobar.com/dir1/dir2
** SUCCESS: "FORBIDDEN" message appears (no directory exposure)
4. http://www.foobar.com/dir1/dir2  <<<<<  backspace to get:
http://www.foobar.com/dir1
** FAIL!  Directory and its contents are EXPOSED!

Please tell me if this is a bug or that I am doing *something*
wrong.....

Best regards,
Dan




More information about the fedora-list mailing list