  1. #1
    SitePoint Zealot

    List Dir Contents - Forbidden - Options +Indexes - httpd.conf

    Hi

    I'd like to view the contents of a Directory (without an index file set up).

    But my VPS is configured to prevent this. I'm very new to this - very inexpert.

    I have tried uploading a .htaccess file with the following:
    Code:
    Order allow,deny
    Allow from all
    Options +Indexes
    But that doesn't work.

    I understand from searching Google that
    Code:
    Options -Indexes
    in my httpd.conf would prevent .htaccess files from functioning.
    http://randomlinux.com/htaccess/quic...ons-directive/

    1. How do I safely view the contents of httpd.conf? (I can use PuTTY / SSH, though I am a beginner, but I'm not sure of the cmd)

    2. If it is wise to do so - how do I edit httpd.conf and set Options -Indexes to Options +Indexes?

    --- OR ---

    Is this a better idea?
    http://serverfault.com/questions/350...ache-test-page


    --- OR ---

    Is there a better alternative?

  2. #2
    SitePoint Enthusiast PromptSpace
    If you have SSH, SSH to your account. Find the location of your httpd.conf file by typing the command:

    find / -name httpd.conf
    Once you find the location of the file, use a text editor like Nano or Vim to edit the file:

    nano /path/to/httpd.conf
    Edit it as you like and save it.

  3. #3
    SitePoint Zealot
    Thanks for your prompt advice.

    And do you think changing the instances of -Indexes in my httpd.conf is the smartest way for me to get the files/dirs listed in that ONE dir I need?

    I'd like to keep the server as secure as possible and I get the feeling here that I am turning on the 'listing' for all dirs across the server.

  4. #4
    SitePoint Zealot
    Wow. This is pretty hair-raising stuff. I can see me trashing the VPS.

    1. How do I find out if I have Vim or nano installed on my VPS (I guess that's where I should expect them to be?)

    2. Is there a nice tutorial somewhere on opening an SSH connection in either and editing a file?

    3. Is there a site out there for beginners like me about managing my VPS...... my host is reluctant to help.

  5. #5
    SitePoint Enthusiast PromptSpace
    Why don't you opt for a managed VPS? They are pretty cheap nowadays.
    Host4Geeks | Hosting powered by geeks, enhanced with a scoop of
    love and awesomeness!!

    The goal as a company is to have customer service that's not
    just great, but legendary -Henry Ford

  6. #6
    Hosting Team Leader cpradio
    Originally posted by rooftop:
    1. How do I find out if I have Vim or nano installed on my VPS (I guess that's where I should expect them to be?)

    If you are on a Linux server, chances are you have vim, emacs, or nano available (maybe all 3; nano is very user friendly).

    Originally posted by rooftop:
    2. Is there a nice tutorial somewhere on opening an SSH connection in either and editing a file?

    Use PuTTY, type in your domain name, Port should be 22, and when asked for a username and password, enter your username and password of your SSH account (sometimes this is the same as your FTP account, sometimes it is a separate account).

    Originally posted by rooftop:
    3. Is there a site out there for beginners like me about managing my VPS...... my host is reluctant to help.

    If you have a Linux server, my best recommendation is to get a security book about securing Apache on Linux. I don't have one specifically in mind, I just know they exist and would likely be very helpful to you.

  7. #7
    Certified Ethical Hacker dklynn
    TIME OUT!

    Displaying directory contents "in the wild" can make hacking easy. Simply FTP to your website and view the contents with your FTP client. If you HAVE to display it in a browser, edit that ONE directory's .htaccess and add Options +Indexes - but remove it when you're done.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  8. #8
    SitePoint Zealot
    Thanks DK

    I tried editing that 'ONE directory's .htaccess and adding Options +Indexes' but it didn't make any difference.

    I guess as Shane Madden replies in this thread the 'AllowOverride None would prevent .htaccess files from functioning'. See Here.

    But I'm afraid I don't know where to put his suggested code and if, following your advice, it's a good idea at all.

    Would it be safer to ask the client to upload an index.html with a hardcoded list of the files and sub-directories?

  9. #9
    Certified Ethical Hacker dklynn
    rt,

    For a thorough overview of Apache's core AllowOverride directive (including options), here's your link: http://httpd.apache.org/docs/2.2/mod...#allowoverride. Basically, it enables (All) or disables (None) use of the .htaccess file, i.e., All is required if you want to use your .htaccess file. I rely on mod_rewrite and change my code often enough that I need to use .htaccess.

    You can use your Options +Indexes in the httpd.conf, httpd-vhosts.conf or .htaccess file.

    No, if this is your client, then he/she should be able to give you FTP access (username and password to the domain's DocumentRoot directory, i.e., the client's public_html or www directory) even if only on a temporary basis.

    As before, IMHO, it's NOT advisable to provide directory listings to the public so FTP is my recommendation. It can be set up quickly and deleted by the client even faster.

    I have used a script to read a directory and list files but I removed that script upon completing my task.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator
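
Added example (not part of any post above): a shell function that reads an Apache config file and lists, for each <Directory> section, its AllowOverride value and whether Options turns Indexes on or off, i.e. whether a per-directory .htaccess can take effect there and which directories expose listings. The sample config, its paths and the 203.0.113.10 address are constructed for illustration, and only plain <Directory> blocks in a single file are handled.

```shell
#!/bin/sh
# Added example, not from the thread. Reports, per <Directory> section:
#   path | AllowOverride value | whether Options turns Indexes on or off
audit_indexes() {
    awk '
    /^[ \t]*#/ { next }                          # skip comment lines
    { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
    low ~ /^<directory[ \t]/ {                   # section start: remember its path
        dir = line
        sub(/^<[^ \t]+[ \t]+/, "", dir); sub(/>[ \t]*$/, "", dir); gsub(/"/, "", dir)
        override = "(inherited)"; idx = "(inherited)"
        next
    }
    low ~ /^<\/directory>/ {                     # section end: emit one row
        if (dir != "") printf "%s|%s|%s\n", dir, override, idx
        dir = ""
        next
    }
    dir != "" && low ~ /^allowoverride[ \t]/ {
        override = line; sub(/^[^ \t]+[ \t]+/, "", override)
    }
    dir != "" && low ~ /^options[ \t]/ {
        if (low ~ /[ \t]-indexes/ || low ~ /[ \t]none([ \t]|$)/) idx = "off"
        else if (low ~ /[ \t][+]?indexes/ || low ~ /[ \t]all([ \t]|$)/) idx = "on"
    }
    ' "$1"
}

# Constructed sample config; the paths and the address are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
<Directory "/var/www/html">
    Options -Indexes +FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/html/client-files">
    Options +Indexes
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
</Directory>
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_indexes "$sample"
rm -f "$sample"
```

In the sample, listings are on only for the one directory and only for one address, while AllowOverride None at the document root keeps .htaccess files disabled everywhere below it.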

