468,738 Members | 1,792 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,738 developers. It's quick & easy.

How to stop directory listing a folder

gil
Is it possible to prevent a browser from listing the entire contents of
a folder?

The site, is hosted on my ISP with the following layout-

site/ "user name from ISP"
pagefile (dir)
index.html

site/pagefile/
images (dir)
drawings (dir) plus several other dir's
home.html plus 36 other .html files
style.css

site/pagefile/images/
20 files all .jpg or .gif

site/pagefile/drawings/
60 files all .jpg

etc., etc.

****

If I edit my browser to http address "site" (with or without trailing
"/") the 'index.html' file opens, while "site/pagefile(/)" will always
open just the 'home.html' file, NOT any of the other .html files in the
same directory. This seems to be good.

However, when I try "site/pagefile/images" or ".../drawings", I get a
generic directory listing page, showing all of the files and directories
within the named address, including a link to the parent directory. This
is not good. If I hit the link to 'parent directory' then the
'home.html' file will open.

I have tried putting a small .html file in each image folder but the
tree still displays. I have not tried putting a folder within the
folder, but suspect that it would also show in the tree listing.

This occurs in IE 6.0, Moz 1.7 and Opera 8.5.

Discussions on robots.txt are aimed at search engine robot crawlers, not
the typical users browser.

How can I prevent the image folders from showing a generic directory
listing, or can I get them to instead display a "list access denied"
type of message?

Gil

Jan 22 '06 #1
8 10781
Els
gil wrote:
Is it possible to prevent a browser from listing the entire contents of
a folder?
[snip]
However, when I try "site/pagefile/images" or ".../drawings", I get a
generic directory listing page, showing all of the files and directories
within the named address, including a link to the parent directory. This
is not good. If I hit the link to 'parent directory' then the
'home.html' file will open.

I have tried putting a small .html file in each image folder but the
tree still displays.
If you name that file index.html, you'll see the same behaviour as in
the parent directories.
I have not tried putting a folder within the
folder, but suspect that it would also show in the tree listing.
Yes, it will.
This occurs in IE 6.0, Moz 1.7 and Opera 8.5.
It's on the server that this happens, not in the browser.
Discussions on robots.txt are aimed at search engine robot crawlers, not
the typical users browser.
Yup.
How can I prevent the image folders from showing a generic directory
listing, or can I get them to instead display a "list access denied"
type of message?


Either put an index.html file in every directory, or deny directory
listings on the server. If you are on a Linux server, this is done in
the .htaccess file. If you have CPanel, you can even take care of it
without having to touch the .htaccess yourself.

--
Els http://locusmeus.com/
Sonhos vem. Sonhos vão. O resto é imperfeito.
- Renato Russo -
Jan 22 '06 #2
gil


At approximately 2006/01/22 04:04, Els typed these characters:
gil wrote:

Is it possible to prevent a browser from listing the entire contents of
a folder?

[snip]

However, when I try "site/pagefile/images" or ".../drawings", I get a
generic directory listing page, showing all of the files and directories
within the named address, including a link to the parent directory. This
is not good. If I hit the link to 'parent directory' then the
'home.html' file will open.

I have tried putting a small .html file in each image folder but the
tree still displays.

If you name that file index.html, you'll see the same behaviour as in
the parent directories.

<snip>

Thanks Els,
I took your advice and placed a "listing denied" type message into a
document called 'index.html'. After placing a copy in each directory,
the site will no longer list the directory tree.

Gil
Jan 22 '06 #3
Sun, 22 Jan 2006 08:51:22 GMT from gil
<gi***********@ns.sxympatico.ca>:
I took your advice and placed a "listing denied" type message into a
document called 'index.html'. After placing a copy in each directory,
the site will no longer list the directory tree.


I think you may have misinterpreted that advice. :-) Actually you've
now got the worst of both worlds: your server has the overhead of
serving up a useless page, and your visitors get a nasty message. In
addition, since you've got a real file there, search engines will
index it, which is almost certainly not what you want.

What you want to do is either (a) put a real index.html file, with
actual content, in the directory, or (b) set the server configuration
not to list files in a directory when it contains no default-type
page.

Els told you how to do (b). I would add only that not Linux but any
Apache server will respond to a .htaccess file(*). See
<http://httpd.apache.org/docs/1.3/misc/FAQ-E.html#indexes> and be
sure to follow the link therein to DirectoryIndex.

(*) unless your ISP has disabled that capability, in which as you
should insist politely but firmly that it be turned back on.

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://OakRoadSystems.com/
HTML 4.01 spec: http://www.w3.org/TR/html401/
validator: http://validator.w3.org/
CSS 2.1 spec: http://www.w3.org/TR/CSS21/
validator: http://jigsaw.w3.org/css-validator/
Why We Won't Help You:
http://diveintomark.org/archives/200..._wont_help_you
Jan 22 '06 #4
gil

At approximately 2006/01/22 11:52, Stan Brown typed these characters:
Sun, 22 Jan 2006 08:51:22 GMT from gil
<gi***********@ns.sxympatico.ca>:
I took your advice and placed a "listing denied" type message into a
document called 'index.html'. After placing a copy in each directory,
the site will no longer list the directory tree.

I think you may have misinterpreted that advice. :-) Actually you've
now got the worst of both worlds: your server has the overhead of
serving up a useless page, and your visitors get a nasty message. In
addition, since you've got a real file there, search engines will
index it, which is almost certainly not what you want.

What you want to do is either (a) put a real index.html file, with
actual content, in the directory, or (b) set the server configuration
not to list files in a directory when it contains no default-type
page.

Els told you how to do (b). I would add only that not Linux but any
Apache server will respond to a .htaccess file(*). See
<http://httpd.apache.org/docs/1.3/misc/FAQ-E.html#indexes> and be
sure to follow the link therein to DirectoryIndex.

(*) unless your ISP has disabled that capability, in which as you
should insist politely but firmly that it be turned back on.


The index.html file I have added to each directory is a small, politely
worded message telling the user that they do not have permission to list
the files, and includes a link back to my homepage.

My ISP provides its customers with free web space for personal use, but
offers no customer support beyond how to access the space. I have no
information on checking logs, or how, or where the .htaccess file is to
be formatted or located.

With the above limitations, I think the index.html page option is the
most reasonable.
Jan 22 '06 #5
On Sun, 22 Jan 2006 17:25:47 GMT, gil <gi***********@ns.sxympatico.ca>
wrote:
The index.html file I have added to each directory is a small, politely
worded message telling the user that they do not have permission to list
the files, and includes a link back to my homepage.

My ISP provides its customers with free web space for personal use, but
offers no customer support beyond how to access the space. I have no
information on checking logs, or how, or where the .htaccess file is to
be formatted or located.

With the above limitations, I think the index.html page option is the
most reasonable.


Assuming the Server is Apache...
In the directory you do NOT want directory listings to be shown, make
a file called .htaccess (note the dot/period at start)
File should include the line:
Options -Indexes
--
Locate your Mobile phone: <http://www.bizorg.co.uk/news.html>
Great gifts: <http://www.ThisBritain.com/ASOS_popup.html>
Jan 23 '06 #6
gil


At approximately 2006/01/23 03:58, David Quinton typed these characters:
On Sun, 22 Jan 2006 17:25:47 GMT, gil <gi***********@ns.sxympatico.ca>
wrote:

The index.html file I have added to each directory is a small, politely
worded message telling the user that they do not have permission to list
the files, and includes a link back to my homepage.

My ISP provides its customers with free web space for personal use, but
offers no customer support beyond how to access the space. I have no
information on checking logs, or how, or where the .htaccess file is to
be formatted or located.

With the above limitations, I think the index.html page option is the
most reasonable.

Assuming the Server is Apache...
In the directory you do NOT want directory listings to be shown, make
a file called .htaccess (note the dot/period at start)
File should include the line:
Options -Indexes

Just tried google search ".htaccess". Lots of reading to do in 4.6
million hits. Thanks for the basic.
Gil
Jan 23 '06 #7
Mon, 23 Jan 2006 21:53:10 GMT from gil
<gi***********@ns.sxympatico.ca>:
Just tried google search ".htaccess". Lots of reading to do in 4.6
million hits. Thanks for the basic.


Or you could have looked at the link I provided you, which explains
exactly what to put in .htaccess for your issue.

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://OakRoadSystems.com/
HTML 4.01 spec: http://www.w3.org/TR/html401/
validator: http://validator.w3.org/
CSS 2.1 spec: http://www.w3.org/TR/CSS21/
validator: http://jigsaw.w3.org/css-validator/
Why We Won't Help You:
http://diveintomark.org/archives/200..._wont_help_you
Jan 24 '06 #8
In article <b1********************************@4ax.com>,
David Quinton <us****************@REMOVETHISBITbizorg.co.uk> wrote:
With the above limitations, I think the index.html page option is the
most reasonable.


I think the best thing is:

chmod 711 directoryname

This will give only execute permission to everyone but you. Execute
permission is still enough for the web server to fetch files from
the directory, and it prevents anyone from looking at the contents.

You should do this to all your directories anyway for security reasons.

For directories where the web server needs write permission (which is
common with php pages that use the smarty template manager, for example)
simply put a .htaccess file in the directory which will prevent anyone
from looking at it, as suggested elsewhere in this thread.

-A
Jan 24 '06 #9

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by Sims | last post: by
2 posts views Thread by Dan King | last post: by
8 posts views Thread by dougawells | last post: by
3 posts views Thread by cj | last post: by
6 posts views Thread by David | last post: by
2 posts views Thread by marcusadeleon | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by zhoujie | last post: by
xarzu
2 posts views Thread by xarzu | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.