Our server is configured such that directories are selectively browsable. This means if the server receives a request which specifies a directory it will go through something like this:
- It checks for certain index files, namely "index.html" and "index.htm". If one of these is found, it will be returned to the client.
- Failing to find an index file it checks for the existence of the file ".htaccess" in the directory. This file allows for additional on-the-fly commands to be passed to the server. In order to enable directory listings the .htaccess file must contain:
There are two important things to remember about directory listings:
- .htaccess works in a hierarchical manner. This means that if you put one in the top of your web tree ~username/.www/ then all subdirectories will also have directory listings enabled. To turn off automatic directory listings for a subdirectory, create a .htaccess file in that subdirectory with the contents:
- The server will not show files or directories that are hidden in a directory listing, i.e. those that begin with a dot (
.). However if such a directory or file exist, and a client explicitly requests that directory or file, these same rules apply.
You may also protect files with standard UNIX access permissions. The files need to have world-read permissions to be retrieved. Directories need to have world read and execute permissions for the server to be able to browse them.