{"id":8966,"date":"2014-08-21T05:11:10","date_gmt":"2014-08-20T19:11:10","guid":{"rendered":"http:\/\/www.rjmprogramming.com.au\/wordpress\/?p=8966"},"modified":"2014-08-21T05:11:10","modified_gmt":"2014-08-20T19:11:10","slug":"apache-htaccess-prevent-directory-listing-tutorial","status":"publish","type":"post","link":"https:\/\/www.rjmprogramming.com.au\/ITblog\/apache-htaccess-prevent-directory-listing-tutorial\/","title":{"rendered":"Apache .htaccess Prevent Directory Listing Tutorial"},"content":{"rendered":"<div style=\"width: 230px\" class=\"wp-caption alignnone\"><a target=_blank href=\"http:\/\/www.rjmprogramming.com.au\/WebServer\/Apache\/IndexOrNot.jpg\"><img decoding=\"async\" style=\"float:left; border: 15px solid pink;\" alt=\"Apache .htaccess Prevent Directory Listing Tutorial\" src=\"http:\/\/www.rjmprogramming.com.au\/WebServer\/Apache\/IndexOrNot.jpg\" title=\"Apache .htaccess Prevent Directory Listing Tutorial\"  \/><\/a><p class=\"wp-caption-text\">Apache .htaccess Prevent Directory Listing Tutorial<\/p><\/div>\n<p>Today&#8217;s tutorial continues some of this blog&#8217;s discussions regarding a big area (of knowledge) of Apache and PHP website usage, about the use of .htacccess files we last talked about with the previous <a href='#ahaapt' title='Apache .htaccess and mod_rewrite Primer Tutorial'>Apache .htaccess Autoprepend Autoappend Primer Tutorial<\/a> as shown below.  Expertise in the use of .htaccess (or by changing the httpd.conf Apache webserver configuration file) can really help improve how much the search engines acknowledge your website (ie. SEO), particularly if you can arrange for <a target=_blank title='Short URLs' href='http:\/\/en.wikipedia.org\/wiki\/URL_shortening'><i>&#8220;short URLs&#8221;<\/i><\/a> in this way, or by some other approach.   <\/p>\n<p>So today, with our local MAMP Apache web server on a Mac laptop, we discuss a method of disallowing Apache&#8217;s default behaviour for URLs that point at directories (today&#8217;s such example is the URL <i>http:\/\/localhost:8888\/CHash\/<\/i>), where that directory has none of the default filenames (by default, for PHP, we mean index.htm or index.html or index.php).  Sometimes we would prefer not to show that directory&#8217;s listing contents, unless, perhaps, we have a tailored <i>index.php<\/i> to show our tailored directory listing:<\/p>\n<ul>\n<li><a target=_blank href=\"http:\/\/www.rjmprogramming.com.au\/WebServer\/Apache\/dothtaccess._GETME\" title='.htaccess'>.htaccess<\/a> contains <i>Options -Indexes<\/i> which causes a <i>Forbidden 403 <\/i> error, now, for directory URLs that are missing the default webpage filenames &#8211; yellow border above<\/li>\n<li><a target=_blank href=\"http:\/\/www.rjmprogramming.com.au\/WebServer\/Apache\/index.php_GETME\" title='index.php'>index.php<\/a> contains code that simulates the directory listing, and is a more secure solution to this issue &#8211; green border above<\/li>\n<\/ul>\n<p>A very useful link, here, is <a target=_blank href='http:\/\/www.catswhocode.com\/blog\/10-useful-htaccess-snippets-to-have-in-your-toolbox' title='Prevent directory listing'>10 useful htaccess snippets to have in your toolbox<\/a> &#8230; thanks.<\/p>\n<p>Please enjoy today&#8217;s <a target=_blank href=\"http:\/\/www.rjmprogramming.com.au\/WebServer\/Apache\/IndexOrNot.jpg\" title=\"Click picture\">tutorial<\/a>.<\/p>\n<hr \/>\n<p id='ahaapt'>Previous relevant <a target=_blank href='?p=5452' title='Apache .htaccess Autoprepend Autoappend Primer Tutorial'>Apache .htaccess Autoprepend Autoappend Primer Tutorial<\/a> is shown below.<\/p>\n<div style=\"width: 230px\" class=\"wp-caption alignnone\"><a target=_blank href=\"http:\/\/www.rjmprogramming.com.au\/PHP\/Coriolis\/PHP_Global_Prepend_Append.jpg\"><img decoding=\"async\" style=\"float:left; border: 15px solid pink;\" alt=\"Apache .htaccess Autoprepend Autoappend Primer Tutorial\" src=\"http:\/\/www.rjmprogramming.com.au\/PHP\/Coriolis\/PHP_Global_Prepend_Append.jpg\" title=\"Apache .htaccess Autoprepend Autoappend Primer Tutorial\"  \/><\/a><p class=\"wp-caption-text\">Apache .htaccess Autoprepend Autoappend Primer Tutorial<\/p><\/div>\n<p>Today&#8217;s tutorial continues the discussion regarding a big area (of knowledge) of Apache and PHP website usage and would like you to reread <a target=_blank href=\"#ldpt\">Linux diff Primer Tutorial<\/a>, way below, to get the context (of what led to the first interest) that got developed in <a href='#ahampt' title='Apache .htaccess and mod_rewrite Primer Tutorial'>Apache .htaccess and mod_rewrite Primer Tutorial<\/a> as shown below.  Expertise in the use of .htaccess (or by changing the httpd.conf Apache webserver configuration file) can really help improve how much the search engines acknowledge your website (ie. SEO), particularly if you can arrange for <a target=_blank title='Short URLs' href='http:\/\/en.wikipedia.org\/wiki\/URL_shortening'><i>&#8220;short URLs&#8221;<\/i><\/a> in this way, or by some other approach.   <\/p>\n<p>So today we discuss a method of prepending and appending PHP code acting on the HTML webpage content.<\/p>\n<p>If you examine the tutorial&#8217;s <a target=_blank href=\"http:\/\/www.rjmprogramming.com.au\/PHP\/Coriolis\/PHP_Global_Prepend_Append.jpg\" title='picture'>picture<\/a> you&#8217;ll see the <a target=_blank href=\"http:\/\/www.rjmprogramming.com.au\/wordpress\/?p=5738\">Coriolis tutorial<\/a> on the local <a target=_blank href=\"http:\/\/www.rjmprogramming.com.au\/wordpress\/?p=532\">MAMP webserver<\/a> before and after a change.   You would first think that this is just a change to index.php (see yellow directory listing), but are you sure?   The times on the Firefox browser for the Before scenario and index.php listing show the same minute of the day, so it is possible that we did the Before scenario at 4:09, raced over to the editor and made the file changes for the web modification within that same minute, then waited five minutes (presumably to allow the 4:12 from Paddington to pass) before firing up the Firefox browser for the After scenario at 4:14.    What are the chances of this, up against the use of .htaccess\/global_prepend.php\/global_append.php to use Autoprepend\/Autoappend Apache httpd methods to make the change?   Well, I&#8217;d say negligible, especially as the title of this tutorial is <i>&#8220;Apache .htaccess Autoprepend Autoappend Primer Tutorial&#8221;<\/i>, but also because you&#8217;ll see from the yellow listing that the times of  .htaccess and global_prepend.php and global_append.php all fall between the Firefox Before and After scenarios.<\/p>\n<p>Have a look at the three files that achieved it:<\/p>\n<ul>\n<li><a target=_blank href=\"http:\/\/www.rjmprogramming.com.au\/PHP\/Coriolis\/dothtaccess._GETME\" title='.htaccess'>.htaccess<\/a><\/li>\n<li><a target=_blank href=\"http:\/\/www.rjmprogramming.com.au\/PHP\/Coriolis\/global_prepend.php_GETME\" title='global_prepend.php'>global_prepend.php<\/a><\/li>\n<li><a target=_blank href=\"http:\/\/www.rjmprogramming.com.au\/PHP\/Coriolis\/global_append.php_GETME\" title='global_append.php'>global_append.php<\/a><\/li>\n<\/ul>\n<p>Do you see what&#8217;s going on?   Hope so, because the implications are pretty big, as long as your Apache\/PHP website allow .htaccess usage (see the AllowOverride discussion in the <a href='#ahampt' title='Apache .htaccess and mod_rewrite Primer Tutorial'>tutorial<\/a> below).   One last thing to note happens down the bottom of the  <a target=_blank href=\"http:\/\/www.rjmprogramming.com.au\/PHP\/Coriolis\/PHP_Global_Prepend_Append.jpg\" title='picture'>picture<\/a> where (hope you can see) the URL http:\/\/localhost:8888\/yui_colourpicker.php shows a <a target=_blank href=\"http:\/\/www.rjmprogramming.com.au\/wordpress\/?p=5034\">YUI Colour Picker<\/a>.   It&#8217;s a Colour Picker feeling lonely.   So why is a lonely Colour Picker significant.    Well, call me balmy, but am overjoyed it is alone, because http:\/\/localhost:8888\/yui_colourpicker.php is down (ie. closer to the root directory) the website directory tree from http:\/\/localhost:8888\/Coriolis\/index.php and is not affected by the .htaccess in the Coriolis directory.   The implication of this is huge for this being an aid to you using this method to control user behaviour on your website.   You can have a directory (and all directories up from it on the website directory tree) where you disallow behaviours you do not want via the use of well designed .htaccess scenarios.   Please bear in mind though, that there is a small performance lag caused by whatever &#8220;homemade&#8221; logic processing is involved.   So this is definitely a subject you should pursue off the links of the <a href='#ahampt' title='Apache .htaccess and mod_rewrite Primer Tutorial'>tutorial<\/a> below.<\/p>\n<p>A great book to read regarding this subject, and others is <i>Web Design for Developers by Brian P. Hogan<\/i> (chapter 19 pp.273-275 talks about how you use this technique to help with mobile website design).<\/p>\n<hr \/>\n<p id='ahampt'>Previous <a href='http:\/\/www.rjmprogramming.com.u\/wordpress\/?p=5452' title='Apache .htaccess and mod_rewrite Primer Tutorial'>Apache .htaccess and mod_rewrite Primer Tutorial<\/a> is shown below.<\/p>\n<div style=\"width: 230px\" class=\"wp-caption alignnone\"><a target=_blank href=\"http:\/\/www.rjmprogramming.com.au\/wordpress\/htaccess.jpg\"><img decoding=\"async\" style=\"float:left; border: 15px solid pink;\" alt=\"Apache .htaccess and mod_rewrite Primer Tutorial\" src=\"http:\/\/www.rjmprogramming.com.au\/wordpress\/htaccess.jpg\" title=\"Apache .htaccess and mod_rewrite Primer Tutorial\"  \/><\/a><p class=\"wp-caption-text\">Apache .htaccess and mod_rewrite Primer Tutorial<\/p><\/div>\n<p>Today&#8217;s topic is a big area (of knowledge) of Apache and PHP website usage and would like you to (re?)read yesterday&#8217;s <a target=_blank href=\"#ldpt\">Linux diff Primer Tutorial<\/a>, below, to get the context (of what led to the interest).  Expertise in the use of .htaccess (or by changing the httpd.conf Apache webserver configuration file) can really help improve how much the search engines acknowledge your website (ie. SEO), particularly if you can arrange for <a target=_blank title='Short URLs' href='http:\/\/en.wikipedia.org\/wiki\/URL_shortening'><i>&#8220;short URLs&#8221;<\/i><\/a> in this way, or by some other approach.   The optimal URL for search engines is one that:<\/p>\n<ul>\n<li>Has no ? nor &amp; (very hard with dynamically generated scenarios &#8230; HTML form element method=&#8217;POST&#8217; can help a bit)<\/li>\n<li>Has no file extension shown (ie. no .html nor .htm nor .php nor .aspx etcetera etcetera etcerera)<\/li>\n<li>Ends with \/<\/li>\n<li>Contains meaningful and apt words in the URL<\/li>\n<\/ul>\n<p>Think about it.   If you were running a search engine with the rules above you could tell a lot about the webpage without parsing any of its contents, and not even having to do any intensive parsing of the URL.<\/p>\n<p>So Apache configurations allow for the remapping of URLs without the end user having to be aware of it in any way.  In this tutorial we illustrate how this works on our local Apache MAMP webserver here on this Mac.<\/p>\n<p>Some good background reading here would be:<\/p>\n<ul>\n<li><a target=_blank title='mod_rewrite' href='http:\/\/httpd.apache.org\/docs\/current\/mod\/mod_rewrite.html'>mod_rewrite<\/a><\/li>\n<li><a target=_blank title='AllowOverride' href='http:\/\/httpd.apache.org\/docs\/2.2\/mod\/core.html#allowoverride'>AllowOverride<\/a><\/li>\n<li><a target=_blank title='RewriteBase' href='http:\/\/httpd.apache.org\/docs\/current\/mod\/mod_rewrite.html#rewritebase'>RewriteBase<\/a><\/li>\n<li><a target=_blank title='RewriteCond' href='http:\/\/httpd.apache.org\/docs\/current\/mod\/mod_rewrite.html#rewritecond'>RewriteCond<\/a><\/li>\n<li><a target=_blank title='RewriteEngine' href='http:\/\/httpd.apache.org\/docs\/current\/mod\/mod_rewrite.html#rewriteengine'>RewriteEngine<\/a><\/li>\n<li><a target=_blank title='RewriteRule' href='http:\/\/httpd.apache.org\/docs\/current\/mod\/mod_rewrite.html#rewriterule'>RewriteRule<\/a><\/li>\n<li><a target=_blank title='URL Rewriting for Beginners Tutorial' href='http:\/\/www.addedbytes.com\/articles\/for-beginners\/url-rewriting-for-beginners\/'>URL Rewriting for Beginners Tutorial<\/a><\/li>\n<li><a target=_blank title='URL Rewriting Tutorial' href='http:\/\/www.yourhtmlsource.com\/sitemanagement\/urlrewriting.html'>URL Rewriting Tutorial<\/a><\/li>\n<\/ul>\n<p>Link to the MAMP scenario&#8217;s .htaccess configuration source code is downloadable here and you should rename to <a target=_blank title='.htaccess' href='http:\/\/www.rjmprogramming.com.au\/wordpress\/dot.htaccess_GETME'>.htaccess<\/a> (but not clobber any existing working configuration files on your system, pleeeeeeease).<\/p>\n<p>Now, a bit more about the thinking.  If you are a regular of this blog you will know that a lot of use is made of the file ending <i>_GETME<\/i> which is this blog&#8217;s way of providing you a download (of code like PHP, which is not accessible usually in this way).   Occasionally, when trying to show you the progression of code this blog resorts to a <i>-GETME<\/i> file existing along with the older <i>_GETME<\/i> in the same place.   The purpose of the .htaccess is to call diff.php when that <i>-GETME<\/i> type of file is used as a URL (will be a fairly rare occurrence) and diff.php will work out that there are both files existant, and will use the Linux diff command to show the two files, and a Linux (or unix) version of the file differences.   With proper configuration all <i>-GETME<\/i>&#8216;s could be treated this way &#8230; cute, huh?<\/p>\n<hr \/>\n<p id=\"ldpt\">Yesterday&#8217;s relevant <a target=_blank href=\"http:\/\/www.rjmprogramming.com.au\/wordpress\/?p=5435\">Linux diff Primer Tutorial<\/a> is shown below.<\/p>\n<div style=\"width: 230px\" class=\"wp-caption alignnone\"><a target=_blank href=\"http:\/\/www.rjmprogramming.com.au\/Linux\/diff\/diff.png\"><img decoding=\"async\" style=\"float:left; border: 15px solid pink;\" alt=\"Linux diff Primer Tutorial\" src=\"http:\/\/www.rjmprogramming.com.au\/Linux\/diff\/diff.jpg\" title=\"Linux diff Primer Tutorial\"  \/><\/a><p class=\"wp-caption-text\">Linux diff Primer Tutorial<\/p><\/div>\n<p>The Linux (or unix) command <a target=_blank title='diff' href='http:\/\/pic.dhe.ibm.com\/infocenter\/zos\/v1r13\/index.jsp?topic=%2Fcom.ibm.zos.r13.bpxa500%2Fdiff.htm'><i>diff<\/i><\/a> is a powerful command line tool that does file comparisons at the command line of a Linux (or unix) operating system command line.   When you are coding this type of tool can be very important.   You may not like to do such tasks in the command line, and have to say that a GUI (on Windows <a target=_blank title='UltraEdit' href='http:\/\/www.ultraedit.com\/'>UltraEdit<\/a> (text editor) is brilliant, on Mac think <a target=_blank title='TextWrangler' href='http:\/\/www.barebones.com\/products\/textwrangler\/'>TextWrangler<\/a> does a good job here) type of comparison works better for me, and <a target=_blank title='Source Control' href='http:\/\/www.rjmprogramming.com.au\/wordpress\/?tag=source-control'>Source Control<\/a> techniques work well for many programmers, but GUI doesn&#8217;t always gel with integration, and want to show you today how the Linux diff can be incorporated into your PHP code.   In saying this, am recommending extreme care with this, as its misuse can have bad implications for the whole website to be exposed to the outside world.   Balancing this up against wanting to have a tool for users of this web blog to (have a more automated way to) be able to see the comparisons of files of changing code, as in yesterday&#8217;s tutorial, have decided to show the workings of this, in the rudimentary way it is used here.   At the other end of <i>diff<\/i>, its output can be used by <i>patch<\/i> to make <i>diff<\/i> an even more powerful tool, and there are links about all this below.<\/p>\n<p>Some good background reading here would be:<\/p>\n<ul>\n<li><a target=_blank title='diff' href='http:\/\/pic.dhe.ibm.com\/infocenter\/zos\/v1r13\/index.jsp?topic=%2Fcom.ibm.zos.r13.bpxa500%2Fdiff.htm'>diff<\/a> (Linux or unix diff command)<\/li>\n<li><a target=_blank title='exec' href='http:\/\/php.net\/manual\/en\/function.exec.php'>exec<\/a> (as interface to use with PHP on the web)<\/li>\n<li><a target=_blank title='patch' href='http:\/\/pic.dhe.ibm.com\/infocenter\/zos\/v1r13\/index.jsp?topic=%2Fcom.ibm.zos.r13.bpxa500%2Fpatch.htm'>patch<\/a> (as a way to use diff output as input to Linux or unix patch command)<\/li>\n<\/ul>\n<p>So &#8230; why does the picture for this tutorial not show a Linux command line screen?   Well, today we show you the power of the combination of Linux commands and the PHP way to access these commands (in our case with diff.php &#8230; the PHP exec() method).  The follow up issue that tomorrow&#8217;s tutorial will address is the idea of an Apache web server configuration allowing a file &#8220;extension&#8221; to be mapped to a URL arrangement of your choosing &#8230; will save the idea here for that future tutorial, as this topic area is very big and needs the user to step back and think about, a lot, before considering.<\/p>\n<p>Specifically, in diff.php (of the picture) it has a line of code &#8230; <\/p>\n<blockquote>\n<p>  exec(&#8220;diff &#8221; . dirname(__FILE__) . &#8220;\/one.one &#8221; . dirname(__FILE__) . &#8220;\/two.two > &#8221; . dirname(__FILE__) . &#8220;\/huh.huh&#8221;);<\/p>\n<\/blockquote>\n<p>&#8230; to bring (Linux) diff results to the web for file comparison purposes &#8230; clicking on the picture of the tutorial shows a picture showing the link that got clicked to create the webpage of the front picture.   By the way, am not showing all the code of diff.php today, and am sorry about that, but rest assured the line of code above is its crucial part.<\/p>\n<p>If this was interesting you may be interested in <a title='Click here to see topics in which you might be interested' href='#d5435' onclick='var dv=document.getElementById(\"d5435\"); dv.innerHTML = \"&lt;iframe width=670 height=600 src=\" + \"http:\/\/www.rjmprogramming.com.au\/wordpress\/?tag=Linux\" + \"&gt;&lt;\/iframe&gt;\"; dv.style.display = \"block\";'>this<\/a> too.<\/p>\n<div id='d5435' style='display: none; border-left: 2px solid green; border-top: 2px solid green;'><\/div>\n<hr \/>\n<p>If this was interesting you may be interested in <a title='Click here to see topics in which you might be interested' href='#d5452' onclick='var dv=document.getElementById(\"d5452\"); dv.innerHTML = \"&lt;iframe width=670 height=600 src=\" + \"http:\/\/www.rjmprogramming.com.au\/wordpress\/?tag=Linux\" + \"&gt;&lt;\/iframe&gt;\"; dv.style.display = \"block\";'>this<\/a> too.<\/p>\n<div id='d5452' style='display: none; border-left: 2px solid green; border-top: 2px solid green;'><\/div>\n<hr \/>\n<p>If this was interesting you may be interested in <a title='Click here to see topics in which you might be interested' href='#d5452' onclick='var dv=document.getElementById(\"d5452\"); dv.innerHTML = \"&lt;iframe width=670 height=600 src=\" + \"http:\/\/www.rjmprogramming.com.au\/wordpress\/?tag=Linux\" + \"&gt;&lt;\/iframe&gt;\"; dv.style.display = \"block\";'>this<\/a> too.<\/p>\n<div id='d5452' style='display: none; border-left: 2px solid green; border-top: 2px solid green;'><\/div>\n<hr \/>\n<p>If this was interesting you may be interested in <a title='Click here to see topics in which you might be interested' href='#d8966' onclick='var dv=document.getElementById(\"d8966\"); dv.innerHTML = \"&lt;iframe width=670 height=600 src=\" + \"http:\/\/www.rjmprogramming.com.au\/wordpress\/?tag=webserver\" + \"&gt;&lt;\/iframe&gt;\"; dv.style.display = \"block\";'>this<\/a> too.<\/p>\n<div id='d8966' style='display: none; border-left: 2px solid green; border-top: 2px solid green;'><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Today&#8217;s tutorial continues some of this blog&#8217;s discussions regarding a big area (of knowledge) of Apache and PHP website usage, about the use of .htacccess files we last talked about with the previous Apache .htaccess Autoprepend Autoappend Primer Tutorial as &hellip; <a href=\"https:\/\/www.rjmprogramming.com.au\/ITblog\/apache-htaccess-prevent-directory-listing-tutorial\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,29,37],"tags":[42,85,249,723,744,932,997,1319,1419],"class_list":["post-8966","post","type-post","status-publish","format-standard","hentry","category-elearning","category-operating-system","category-tutorials","tag-htaccess","tag-apache","tag-configuration","tag-mac","tag-mamp","tag-php","tag-programming","tag-tutorial","tag-webserver"],"_links":{"self":[{"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/posts\/8966"}],"collection":[{"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/comments?post=8966"}],"version-history":[{"count":0,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/posts\/8966\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/media?parent=8966"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/categories?post=8966"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/tags?post=8966"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}