You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/08/16 04:40:34 UTC
DO NOT REPLY [Bug 11759] New: -
Allow disabling mod_autoindex on a per-directory basis
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11759>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11759
Allow disabling mod_autoindex on a per-directory basis
Summary: Allow disabling mod_autoindex on a per-directory basis
Product: Apache httpd-1.3
Version: 1.3.26
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: Other
Component: mod_autoindex
AssignedTo: bugs@httpd.apache.org
ReportedBy: phr-apache@nightsong.com
Forgetting to create an index.html file is a common security lapse, that lets
intruders prowl around the directory using mod_autoindex.
Therefore, there should be a configuration directive to disable mod_autoindex
at either the global level, in a virtual server block, or in a directory block.
Something like "AutoIndex On" to enable auto-indexing, and "AutoIndex Off"
to disable it, would do the job.
A typical way to use it would be to set "AutoIndex Off" in httpd.conf,
disabling auto-indexing by default. Individual directories could override
the default and enable auto-indexing in their .htaccess file, if AllowOverrides
is set to allow overriding mod_autoindex directives. Alternatively,
auto-indexing could be enable for specific directories using AutoIndex
directives in <directory> blocks for those directories.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org