Apache Dir Listing
I want to allow a dir list of certain directorys, but I want to block any downloads.
Basically the dir structure is
Nzbs -> Alt.binaries.mp3 -> Alt.binaries.tv -> Alt.binaries.multimedia
The files in the sub dirs are .zip files.
I want users to be able to view the contents of the sub dirs, but not allow any downloading.
Ive searched the net but cant fi开发者_StackOverflow中文版nd anything relevant.
Thanks in Advance for any help.
There are several ways to do this
- Use RedirectMatch mentioned above
- Use mod_rewrite to rewrite all calls to index.php
- Move the folder outside document root and show the folder as a result of script work
Options second and third will require you to write a script to list folder contents. It's quite simple script you can find in the documentation of PHP
<?php
$d = dir("/etc/php5");
echo "Handle: " . $d->handle . "\n";
echo "Path: " . $d->path . "\n";
while (false !== ($entry = $d->read())) {
echo $entry."\n";
}
$d->close();
?>
The third option will require the least privileges on web server. It works like that:
- Your website is in server folder /home/you/public_html. You place the folder in /home/you/uploads
- Client wanting to see folde contents enters the page www.yourdomain.com/folder.php?folder=xxx
- You map PHP variable's "folder" value (xxx) to folder name
- You have to ensure that XX is not like ../../../etc, this will list the contents of etc folder. Either use mapping table (1=>yourfolder1 etc) or make sure everything takes place inside uploads folder.
- You list the folder entries, eventually providing links to subfolders (www.yourdomain.com/folder.php?folder=yyy etc)
- You watch :)
The third option (mod rewrite) is basically the same, but the folder name is given by the mod rewrite module (rewrite rule to convert www.yourdomain.com/uploads/xxx to www.yourdomain.com/folder.php?folder=xxx)
Summing up:
The first option disallows downloading file names by redirecting them to some file (like yourdomain.com/403.php). It relies on web server to display the listing and lets him handle the rest.
Second and third method (might be combined ofc) creates its own directory listing. If you want some layout to be applied in it, this is the only option. The suggested way is to place folder outside document root, so the users will not be able to download any files even if your script fails (for the web server, there won't be such files, as they are outside document root). You have to make sure that the user is not allowed to display ANY folder on your server (this is dangerous).
Use the RedirectMatch statement to block the acces to any dir or file that matches the regex and send it to a certain url. It's probably best to send them to the url they're currently browsing.
RedirectMatch regex url
精彩评论