If you've been using the web for more than a day, you've almost certainly encountered a directory index; it's the web page you see when there's no default web page - a listing of files and folders found at the current location. In general, you'll be given the following details:

  • A header giving the current directory and its path, e.g. Index of /texts/poems/poe. This tells you that you are in the poe directory, which is in the poems directory, which is in the texts directory off the server root. If the server is http://www.somepoets.org, your current URL will be http://www.somepoets.org/texts/poems/poe/ (the browser will usually add the trailing slash).
  • A link to the parent directory, if there is one. There won't be one if you're already in the server's root directory (e.g. http://www.somepoets.org/), because you can't go any 'higher' than that. In the example above, poems is the parent directory of poe, and so on.
  • A listing of the directory's contents, typically displaying document and folder details in columns using the following information:
    • Name - e.g. raven.txt
    • Size - e.g. 13K
    • Last Modified - e.g. 23 April 2003 17:23
    • Description - e.g. text file
    The header labels for these columns may well be "sorting" links - e.g. by clicking on Name you can sort the files alphabetically.
  • Some information about the server, such as Apache/2.0.40 Server at www.somepoets.org Port 80

The items in the listing are often accompanied by icons, and the appearance of the listing can be modified if required.

Whether you see a directory index or not depends on the configuration of the server and the presence of an index file. With Apache, the configuration is down to the Indexes option and can be controlled on a per-directory basis; if a directory has the Indexes option set in the httpd.conf file, then directory indexes can be viewed by visitors. But this will only happen if there is no index file present.

The index file is set with the DirectoryIndex directive in the conf file. Usually, the index file is something simple like index.html. Taking this as an example, when you request a directory URL - such as /poe/, the server will first check for an index.html file in that directory. If it finds one, it will serve it up and dust its hands; job done. If it doesn't find index.html, it'll check the Indexes setting for that folder. If Indexes are allowed, it will generate and serve a directory index. If they're not allowed, the browser will display a 403 forbidden error notice along the lines of You don't have permission to access /poe/ on this server.

Note that all this only happens when the browser requests a directory URL, not a specific page or file (such as raven.txt). Also, several index files can be set on the same server; index.php, index.html, index.shtml, and so on. The server will only consider a directory index if none of these are present.

Why use directory indexes? Well, the fact that they're auto-generated can save you a huge amount of time if you're serving easily categorised files that don't require any explanation or annotation. Directory indexes are often used in web interfaces to FTP servers, where they provide a clean interface for users who need to navigate through a number of folders to find a file. The webmaster doesn't need to worry about building and providing an interface; it's all done by the server. Similarly, if you want to provide a simple online archive of files, you can rely on directory indexing to do the brunt of the work - all you need to worry about is naming and organising the files and folders sensibly.

But there's a reason directory indexing can be turned off; you don't always want it. Sometimes, it's not desirable to leave the full contents of a folder open to inspection by visitors. For a business, presenting a directory index can appear unprofessional; it can be a harsh interface for users expecting a comfortable, guided visit. The appearance of a directory index is often an indication that someone has simply forgotten to add an index.html file - if you direct users to /poe/poe.html but they just enter /poe/, the server will look for /poe/index.html and, failing that, resort to a directory index - if allowed. Ideally, you don't want to serve up a "forbidden" notice to visitors, either - I always ensure every folder has an index file, even if its only function is to redirect the visitor.

But that's just me and my server. Sometimes, a folder doesn't require any written content - you may have a folder full of images or Quicktime movies, grouped together for convenience, but for whatever reason you may not want the public to be able to browse these files. To prevent this (without adding a "dummy" index file), you can set either that particular folder or all folders to not display directory indexes (though there are a number of other solutions). You could follow this up by modifying the server's 403 message to be a little less intimidating.

Be aware, however, that turning off directory indexing to hide files amounts to security through obscurity and is not recommended. The files will still be available to anyone who can work out their names - e.g. the presence of report2001.pdf would suggest the presence of report2002.pdf, and so on. Entering these as part of a URL will allow access to the files regardless of the directory index settings.

Further control is possible using the httpd.conf IndexIgnore directive. With this, you can specify certain filetypes that are never listed, regardless of your other settings. If you use IndexIgnore *.jpg *.gif *.png, you can prevent these types of web images being displayed in your directory index.

Under Apache, you can also tailor your directory index settings using .htaccess files. These are small text files that can be applied on a per-directory basis (or a global basis). It's therefore possible to apply a blanket ban on directory indexing, then use a .htaccess file to allow it for a particular directory. You can also, for example, use IndexIgnore in a .htaccess file, to allow indexing of specific filetypes in different directories.

I realise there's a lot of "index" in this writeup, so here's a brief recap of the main players:

Apache uses mod_autoindex to generate a directory index. The FancyIndexing and IndexOptions directives can be used to tweak the appearance of the index.

References

  • http://httpd.apache.org hosts the online documentation for Apache.

Note: I've searched extensively and can't find any prior instance of this subject on e2, but there are a number of titles it could be noded under. If I'm being redundant, please msg me and I'll set things right. I'm using the term 'directory index' as it seems to be favoured by the Apache authors in their documentation.

Log in or register to write something here or to contact authors.