DO NOT REPLY [Bug 11759] New: - Allow disabling mod_autoindex on a per-directory basis

[bu...@apache.org]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11759>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11759

Allow disabling mod_autoindex on a per-directory basis

           Summary: Allow disabling mod_autoindex on a per-directory basis
           Product: Apache httpd-1.3
           Version: 1.3.26
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_autoindex
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: phr-apache@nightsong.com


Forgetting to create an index.html file is a common security lapse, that lets
intruders prowl around the directory using mod_autoindex.

Therefore, there should be a configuration directive to disable mod_autoindex
at either the global level, in a virtual server block, or in a directory block.
Something like "AutoIndex On" to enable auto-indexing, and "AutoIndex Off"
to disable it, would do the job.

A typical way to use it would be to set "AutoIndex Off" in httpd.conf,
disabling auto-indexing by default.  Individual directories could override
the default and enable auto-indexing in their .htaccess file, if AllowOverrides
is set to allow overriding mod_autoindex directives.  Alternatively, 
auto-indexing could be enable for specific directories using AutoIndex
directives in <directory> blocks for those directories.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org