I started working for my current employer as their Web Designer almost 6 years ago. I worked with one of the System Administrators to setup a new web server environment and processes. She built two SuSE UNIX servers (one for development, the other for "live" published websites), installed the Zope web content management system, and used Apache to handle the website. She kept all access to root and managed the hardware and software on the servers - even today, I don't know where they live on campus!
When she left about 2 years ago, one of the other System Administrator's inherited management of "my" web servers. Soon, however, he agreed to give me root access so he wouldn't have to change file/directory permissions for user directories, add Rewrite commands to the httpd.conf file, modifying other config files (ht://dig, Webalizer, etc.), manage large files when the Zope database needs to be packed, and do other administrative tasks on the web servers that took him away from bigger projects. That was okay with me! I'm comfortable at the UNIX command line and am perfectly capable of doing those tasks.
When the servers were setup, directory browsing was turned off on the server for better overall security. A year or so later, one user wanted to be able to list the files in a single website directory, but the System Administrator wasn't able to set httpd.conf so that it worked. Then, about 2 years ago, another user (a more demanding one) wanted to do the same thing with a bunch of his Camtasia files. The one remaining System Administrator at that time was a Microsoft Windows only guy so nothing could be done. I learned a bit about httpd configuration commands but was unsuccessful in getting "Options Indexes" to work. So, I wrote a PHP script to be placed in a directory as index.php. When that file is accessed in a browser, it displays the foldernames and filenames contained in that directory and its subdirectories. It worked great!
But it's always bugged me that directory browsing wouldn't work on the servers! Well, today I spent most of my work day Googling away for anything that could help (such as (no quotes) "disable directory browsing", "enable directory browsing", "enable directory browsing for one directory", "suse apache directory browsing") and making modifications to the httpd.conf file on the development server. I must have restarted Apache 50 times or more!
I learned what the httpd configuration commands do (important!). I discovered Include statements in the httpd.conf that included *.conf files for SuSE, and thought maybe I had finally found where the problem might be. No luck.
About 30 minutes before the end of the day, I Googled "directory browsing not working" (no quotes) and found this thread on a forum that pointed me to, ta da, the solution!
From Ddr/Dale's response post:
(will prevent listing of all files, the "*" is a wildcard)
IndexIgnore *.gif *.jpg
(will prevent listing of any files with .gif or .jpg extensions, but will allow other listings)
Could it be? Was there an "IndexIgnore *" command in the httpd.conf file?
Yes. Yes, indeed. It was there, bold and bright as day, jumping from the screen saying "I'm here, I'm here!" (now that I knew what it meant)!
So, I removed it. And all was fine with the world again. Well, maybe just my little corner of the world.
- To disable directory browsing, use "Options -Indexes" or remove "Indexes" from an "Options" command (i.e., "Options Indexes FollowSymLinks" becomes "Options FollowSymLinks").
- To enable directory browsing, use "Options +Indexes" or add "Indexes" to an "Options" command (i.e., "Options FollowSymLinks" becomes "Options Indexes FollowSymLinks"). Make sure "AllowOverride Options" is included in the httpd.conf file in a <Directory> section for the directory where the DocumentRoot is.
- Do not use "IndexIgnore *" to disable directory browsing. It is used to disable display of certain folders/files - not all folders/files - while directory browsing.
Now I feel I must address why I am a former UNIX System Administrator with 10+ years experience and have not worked with Apache configuration!
Way back before Windows 3.1, my employer used UNIX servers with terminals (we referred to them as dumb terminals because they had no processing capabilities - they just displayed what was delivered to them from the UNIX main frame computer).
I was the System Administrator for the UNIX systems. Again, that was before Windows 3.1 - and before the World Wide Web became widely used with the help of GUI web browsers.
Anyway… I was the System Administrator for those 8 or 9 systems. As such, I created UNIX user accounts, configured software (including UNIX-based WordPerfect!), wrote shell scripts, troubleshooted problems, created/managed Informix databases, wrote programs to interface with the databases, considered the vi editor and the "find" command my best friends. And more. Even after the WWW became popular, my employer didn't have a website until, I think, 1997 or 1998, but I had already left that employer in May 1996. But that's not the point here…
The point is: Although I was a UNIX System Administrator until 1996, I have never been the administrator for a UNIX-based web server (such as Apache)! Sure, I've played around with my own web hosting accounts on UNIX servers using the Apache web server since 1998 (maybe earlier?), but I haven't gotten into the nitty gritty of how Apache works.