LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-29-2010, 03:51 AM   #1
konzo
Member
 
Registered: Dec 2008
Location: Bulgaria
Distribution: Debian / Slackware / Ubuntu
Posts: 230

Rep: Reputation: 33
disable directory and file browsing


I remove "Index" in my
/etc/apache2/sites-enabled/000-default file in order users not to be able to browse directories. I have sym link of a folder in
/var/www/test (test is the symlinked folder). If I write in the address bar of the browser
http://x.x.x.x/album/img_name.jgp I can see the picture, but I want contents not to be available.

Is that different from file browsing and how to disable it?
 
Old 07-29-2010, 06:10 AM   #2
hairysocks
Member
 
Registered: May 2002
Location: Thorverton, Near Exeter, Devon, England
Distribution: Ubuntu 10.04 (used to be Red Hat 7.1, then Red Hat 9, then FC 2, FC 5, FC 6, FC 9 and Ubuntu 8.04)
Posts: 105

Rep: Reputation: 16
If you add an index.html file to the directory that just says "File browsing not allowed" then anyone trying to browser that directory will get that message rather than a file list.
 
Old 07-29-2010, 07:33 AM   #3
konzo
Member
 
Registered: Dec 2008
Location: Bulgaria
Distribution: Debian / Slackware / Ubuntu
Posts: 230

Original Poster
Rep: Reputation: 33
Ok. My first post is not clear. I have a sym link folder test in which
if I disable contents I can't get image from my web application(say simply my site) and
if I enable contents everyone can type address of the image and view it.

I didn't remove index.html. I remove Index option in the file I gave in my previous post (/etc/apache2/sites-enabled/000-default)

I want to access image through my site and no one can view it from the browser by entering it's address.
 
Old 07-29-2010, 08:08 AM   #4
teebones
Member
 
Registered: Aug 2005
Location: /home/teebones
Distribution: sometimes this, sometimes that..
Posts: 502

Rep: Reputation: 56
Your posts are not clear, and your final wish makes it even more confusing.

"I want to access image through my site and no one can view it from the browser by entering it's address" --- eeh, how would somebody be able to view that image? since the website, load the image of using an internal call to the address. (img statement)


Anyway, maybe this is what you ask for:

make a .htaccess file, and put this inside:

Options -Indexes


This disables directory listing on the webserver, for the directory where .htaccess is placed.

Last edited by teebones; 07-29-2010 at 08:11 AM.
 
Old 07-29-2010, 10:33 AM   #5
fesake
LQ Newbie
 
Registered: Jul 2010
Location: Ohio
Distribution: Gentoo, OpenSUSE
Posts: 6

Rep: Reputation: 1
I'm assuming if you want to disable the contents listing in one directory you may want to disable it in all of them without having to add the index.html/.htaccess files in each.

Your file and directory configuration is different, but in my '/etc/apache2/vhosts.d/default_vhost.include' file I have a <Directory ... tag with an Options keyword. Set a -Indexes in this and everything may be cleared up with the issue we think you're bringing up.

As for your configuration I believe the Options keyword will be somewhere in the config files within the <Directory> tag.

Code:
<Directory "/var/www/localhost/htdocs">
        # Possible values for the Options directive are "None", "All",
        # or any combination of:
        #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
        #
        # Note that "MultiViews" must be named *explicitly* --- "Options All"
        # doesn't give it to you.
        #
        # The Options directive is both complicated and important.  Please see
        # http://httpd.apache.org/docs/2.2/mod/core.html#options
        # for more information.
        Options -Indexes FollowSymLinks

        # AllowOverride controls what directives may be placed in .htaccess files.
        # It can be "All", "None", or any combination of the keywords:
        #   Options FileInfo AuthConfig Limit
        AllowOverride All

        # Controls who can get stuff from this server.
        Order allow,deny
        Allow from all
</Directory>
 
Old 07-29-2010, 11:21 AM   #6
Bratmon
Member
 
Registered: Jul 2009
Location: 75.126.162.205:80
Distribution: Arch / Mint 17
Posts: 297
Blog Entries: 3

Rep: Reputation: 50
Quote:
Originally Posted by konzo View Post
I want to access image through my site and no one can view it from the browser by entering it's address.
Either I don't understand your question, or you don't understand how the Internet works. If I understand correctly, you want it so nobody can do right click==>view image and save it from there. If so, how do you expect users to get it at all?
 
Old 07-30-2010, 03:45 AM   #7
konzo
Member
 
Registered: Dec 2008
Location: Bulgaria
Distribution: Debian / Slackware / Ubuntu
Posts: 230

Original Poster
Rep: Reputation: 33
My posts are confusing because I am asking for option that I don't know it exists. I will try again.

I make a pesonal site with photos on my family and my friends, but I want everyone to login in order to see pictures. I have created start page, login page, image view page, etc. To be more clear I will give you the exact address
http://xx.xx.xxx.xx/kodeimage
This is the login screen. I have symlinked folder in /var/www/kodeimage/album
Code:
 ls -l album
lrwxrwxrwx 1 root root 27 2010-07-29 10:14 album -> /home/kode/7pictures/album/
So, if you type
http://xx.xx.xxx.xx/kodeimage/album
you will see forbidden message. But if you know exact path of the image
http://xx.xx.xxx.xx/kodeimage/album/...a/dscn8735.jpg
you will see a beautiful image from the Rila mountain(2400m) Enjoy

What I want to do (if possible ofcourse) is when you type the path of the image the forbidden message to appear.

Thanks for your time and patience.

Last edited by konzo; 07-30-2010 at 10:11 AM. Reason: hiding ip address
 
Old 07-30-2010, 08:37 AM   #8
CincinnatiKid
Member
 
Registered: Jul 2010
Posts: 431

Rep: Reputation: 33
I would recommend using Apache mod_auth authentication. You would have to replace your current login, but it would work for you. You can restrict the directory contents from being displayed unless the user has already logged in. With mod_auth you would not have to keep track of user's sessions either, Apache/your browser would take care of all of this. Take a look at http://httpd.apache.org/docs/2.0/howto/auth.html if this is something that you would want to implement.
 
Old 07-30-2010, 10:09 AM   #9
konzo
Member
 
Registered: Dec 2008
Location: Bulgaria
Distribution: Debian / Slackware / Ubuntu
Posts: 230

Original Poster
Rep: Reputation: 33
This is good solutions. As I understand this is the same as htaccess files. Thanks for the replies.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Browsing a directory recursively charlitos Linux - Newbie 4 02-16-2009 05:22 PM
Apache2 Directory Browsing File Size Limitations... BillyGalbreath Linux - Software 0 06-23-2006 07:54 PM
xmms directory browsing doralsoral Linux - Software 1 10-24-2005 08:51 PM
Disable Directory Browsing Apache bentman78 Linux - Software 2 07-09-2004 03:10 AM
file transfer over ssh restrict directory browsing niall0s Linux - General 11 09-11-2003 03:50 PM


All times are GMT -5. The time now is 02:29 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration