[aprssig] Web page index?

Jim (List) jim.list at stuckinthemud.org
Sat Nov 19 09:39:51 EST 2011 

As you suggest, it's a security risk unless very carefully controlled and
understood. The NWS directories you mention are an example of this control
(there are some UK weather sat servers set up in a very similar way), in
that only specific information is in the folder.

If you can browse the raw website script files, you can often get database
passwords and other internal information, which is highly undesirable for
obvious reasons.



Jim, G1HUL

-----Original Message-----
From: aprssig-bounces at tapr.org [mailto:aprssig-bounces at tapr.org] On Behalf
Of Steve Dimse
Sent: 19 November 2011 14:25
To: TAPR APRS Mailing List
Subject: Re: [aprssig] Web page index?


On Nov 19, 2011, at 9:09 AM, Jim (List) wrote:
> 
> True directory browsing is a server-enabled function, and a security 
> risk so it's very rare to find any that do allow it (in my experience, 
> those who do are small / home ISP's who don't realise the risk or 
> haven't realised it's on).
> 
I think it is rare to see it enabled on an entire server. However it is
often used, and is not a security risk, for individual directories,
particularly those whose contents change dynamically. For example, the NWS
radar directories where each file name includes a timestamp is shown this
way. This is easily done with a file ".htaccess" for Apache web servers.

Bob, if you are hosted on an Apache web server (by far the most common) try
creating a file .htaccess in the directory you want to show, in the file put
the line

Options +Indexes

There are a couple different ways to show the index, depending on the server
default you can add either of these to get the non-default

IndexOptions +FancyIndexing

IndexOptions -FancyIndexing

if you have files you don't want to show, like jpgs and gifs for example,
you can use this line to exclude them from the listing

IndexIgnore *.gif *.jpg


Steve K4HG
_______________________________________________
aprssig mailing list
aprssig at tapr.org
https://www.tapr.org/cgi-bin/mailman/listinfo/aprssig

More information about the aprssig mailing list