N Apache2 directive to explicitly set directory listings 403 Forbidden

apache-2.4

Is there a directive to explicitly set directory listings without an index file to 403 Forbidden? The default behavior returns a 404 because mod_dir can't find the index file.

I don't have mod_autoindex loaded and Options are set to just FollowSymLinks. I tried -Indexes, but that still returned a 404.

<IfModule dir_module>
    DirectoryIndex index.php index.html index.htm
    DirectorySlash On
</IfModule>

<Directory /var/www>
    Options FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

I shouldn't matter, but I'm using Apache 2.4.

Best Answer

Answering my own question after a lot of trial and error. This answer should apply to Apache >= 2.0.

In summary, it seems the Indexes option for the Options directive requires mod_autoindex. You can stop reading now unless you'd like more info on the default Apache behavior.

More Info

The key is whether or not mod_autoindex is loaded. If it's not loaded, setting Options -Indexes will have no effect and return a 404, which makes sense because the mod_dir DirectoryIndex directive can't find your index file. If it is loaded, setting Options -Indexes will return a 403.

This is somewhat explained in the Apache Options docs under Indexes, which is a little confusing because Options is a part of mod_core.

Indexes

If a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory.

... and explained on the mod_autoindex page:

Automatic index generation is enabled with using Options +Indexes. See the Options directive for more details.

My tests indicate that enabling/disabling .htaccess files with AllowOverride is irrelevant.

Related Solutions

Freebsd – How to get access to Icinga on Apache 2.4

The apache24 package on FreeBSD does not ship with the mod_dir. Check if it is present in /usr/local/libexec/apache24, and if not, install apache24 from ports. Add LoadModule dir_module libexec/apache24/mod_dir.so to your httpd.conf.

Redmine with Apache: 403 Forbidden

Use Phusion Passenger to run Redmine.

cd /var/www/redmine
gem install passenger
passenger-install-apache2-module

The end of this script will give you some rules to place in httpd.conf

You can test to make sure Passenger is working by running 'passenger start' from your root Redmine directory '/var/www/redmine'. You'll be able to get to your Redmine install via http://redmine.mypage.com:3000

From there configure Apache to run with passenger. You've already got the rules in httpd.conf to load Passenger, just configure your vhost.

<VirtualHost *:80>
ServerName redmine.mypage.com

    DocumentRoot /var/www/redmine

    ## Get this from PassengerDefaultRuby you added to httpd.conf 
    PassengerRuby /path-to-ruby 

    <Directory /var/www/redmine/public>
      Allow from all
      Options -MultiViews
    </Directory>
 </VirtualHost>

Best Answer

Related Solutions

Freebsd – How to get access to Icinga on Apache 2.4

Redmine with Apache: 403 Forbidden

Related Topic