You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Kevin Konowalec <ke...@ualberta.ca> on 2005/03/10 14:03:32 UTC
[users@httpd] "hidden" directories
I've noticed that in apache2 if you have a .htaccess file in a
directory, if you then try to get the index of the parent directory (I
have indexes on) the directory does not show up until you have
authenticated.
For example, directory FOO which resides in /BAR has a .htaccess file
in it. So when I hit http://www.myserver.com/BAR I do not see the FOO
directory. If I go to http://www.myserver.com/BAR/FOO directly and
authenticate, I can then see FOO when I get an index of BAR.
So the question is... can this behavior be turned off or is it a
"feature" of apache2? 1.3.x didn't behave this way...
Thanks
Kevin
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] "hidden" directories
Posted by Joshua Slive <js...@gmail.com>.
On Thu, 10 Mar 2005 06:03:32 -0700, Kevin Konowalec
<ke...@ualberta.ca> wrote:
> I've noticed that in apache2 if you have a .htaccess file in a
> directory, if you then try to get the index of the parent directory (I
> have indexes on) the directory does not show up until you have
> authenticated.
>
> For example, directory FOO which resides in /BAR has a .htaccess file
> in it. So when I hit http://www.myserver.com/BAR I do not see the FOO
> directory. If I go to http://www.myserver.com/BAR/FOO directly and
> authenticate, I can then see FOO when I get an index of BAR.
>
> So the question is... can this behavior be turned off or is it a
> "feature" of apache2? 1.3.x didn't behave this way...
It is by design, for security reasons. 2.1 (the development version)
has an IndexOptions setting called "ShowForbidden" which will undo
this behavior:
http://httpd.apache.org/docs-2.1/mod/mod_autoindex.html#indexoptions
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org