1

On a local dev server, I have an Apache conf for a website like so

<VirtualHost *:80>
  ServerAdmin no-reply@localhost
  ServerName sandbox.mysite.internal
  DocumentRoot /var/www/vhosts/sandbox/mysite
  ErrorLog logs/sandbox/mysite-error.log
  CustomLog logs/sandbox/mysite-access.log common
</VirtualHost>

If I visit the following address (there is no index.php or index.html)

http://sandbox.mysite.internal

I get the Apache CentOS test page

If I visit a subdirectory like

http://sandbox.mysite.internal/test/

I get a 403 Forbidden error. So I add the following .htaccess here:

/var/www/vhosts/sandbox/mysite/test/.htaccess

Content:

Options +Indexes

Now when I visit:

http://sandbox.mysite.internal/test/

I still get 403 Forbidden.

How do I make the directory index show up?

I always thought .htaccess directives override any httpd.conf directives. But am I wrong about that? Is there some setting in my httpd.conf that is making my .htaccess directive be ignored?

Jake Wilson
  • 8,814
  • 29
  • 97
  • 125

2 Answers2

2

Sure, AllowOverride None would prevent .htaccess files from functioning. But, why use them at all? Apache's recommendation is to never use .htaccess unless you are unable to access the main configuration.

Try this, instead:

<VirtualHost *:80>
  ServerAdmin no-reply@localhost
  ServerName sandbox.mysite.internal
  DocumentRoot /var/www/vhosts/sandbox/mysite
  ErrorLog logs/sandbox/mysite-error.log
  CustomLog logs/sandbox/mysite-access.log common
  <Directory /var/www/vhosts/sandbox/mysite/test/>
    Order allow,deny
    Allow from all
    Options +Indexes
  </Directory>
</VirtualHost>

If that doesn't work, have a look at Apache's error log; you may have something wrong with your file/directory permissions, for example.

Shane Madden
  • 114,520
  • 13
  • 181
  • 251
  • That worked perfectly. Thanks! The only reason I was using the `.htaccess` is because it's convenient to add/remove that file at will to make quick adjustments, even if temporary. – Jake Wilson Jan 16 '12 at 22:50
  • @Jakobud Gotcha - and that's just fine for a development/sandbox environment. Well, if that worked, then it was either the `Order` and `Allow` directives that I added in the `Directory` block, or else you do indeed have an `AllowOverride None`, or perhaps an `AccessFileName` changing the name from the default (`.htaccess`)? – Shane Madden Jan 16 '12 at 22:54
  • Ah yes I believe `AllowOverride None` was set in the `httpd.conf`. Thanks! – Jake Wilson Jan 17 '12 at 16:49
  • How would this look for Apache 2.4? – Kotlopou Sep 03 '21 at 17:46
0

If your parent directory .htaccess (or your Apache configuration file httpd.conf) prohibits directory access by default (as it should), then you will have to add a "Require all granted" directive to your .htaccess file so that the directory listing can be served. Otherwise, visitors will see a 403 (access forbidden) error.

For this to be safe, ensure that your directory and its files allow reading but prohibit writing (unless you actually want users to be able to alter or store files on your server). This advice assumes your server runs on Linux, which has a visible permissions feature. Windows servers may require more advanced security precautions.

David Spector
  • 113
  • 8