Copyright © https://mongoose-os.com

Mongoose OS Forum

frame

Disasble directory listing

Hi,

I am using the basic example provided my mongoose (restful_server). I was able to compile and run this example. My environment is ubuntu 16.04. I am trying to disable directory listing. In the code I have added " s_http_server_opts.enable_directory_listing = "no";".

After compiling and running the exe, I am seeing this line in the command line: "Starting RESTful server on port 8100" since I am running this sever on 8100 port. When open the below url in browser: "http://127.0.0.1:8100", I am able to see the home page and so far so good. But when I have tried to type : "http://127.0.0.1:8100/Makefile", my makefile is visible and I am able to view all the files in the directory. I need to disable access to all the files in the directory and nothing should be view able except index page. Request you to let me know how to disable the files access in the directory

Thanks in advance

Comments

  • SergeySergey Dublin, Ireland

    Hi,
    I think there is a misunderstanding about the enable_directory_listing option.
    What is does is:
    - if the index file is not present, Mongoose can either render a list of files in a directory, or show 403 forbidden.
    - if enable_directory_listing is no, then 403 forbidden is shown.

    Note that the this option works ONLY when index file is not present in the directory.
    From your description it looks like you do have an index file.
    The behavior you describe is per design, there is nothing to fix there.

    If you're looking for a way to exlcude certain files from serving, look at "hidden_files" option instead.

  • Hi Sergey,

    Thanks for your reply.

    I got the enable_directory_listing option concept wrong. Now it was clear

    My requirement is that along with index.html, I have lot of other files (text files and html files) and I don't want those files to be served. I have tried to run my server with option url-rewrites

    ./my -url_rewrites **.txt$=/home/pav/noaccess.html

    so that I can display access restricted html page when someone tries to access text file. But this is not working. Instead of showing noaccess.html page I was able to see the content of text file directly. Please let me know what I am missing here

  • SergeySergey Dublin, Ireland
    edited December 5

    Use hidden_file_pattern.
    Or, better, do NOT have files you don't want to serve in the web root. The problem you have indicates on bad design.

  • Thanks Sergey. I need to have some files in the webroot which are not supposed to be served but referred in the html pages. This key solved my problem. Thanks once again

Sign In or Register to comment.