Reputation: 6551

Can someone look into a web servers folders?

Answers (5)

user142019

Reputation:

Depends on the server. The server always decides what the client may and may not see. In your case, Apache, see Mitro's answer.

Upvotes: 0

Nathan Garabedian

Reputation: 737

Web servers have a setting that controls whether or not the directory listing can be browsed. Apache's is called Options Indexes:

Indexes If a URL which maps to a directory is requested, and the there is no DirectoryIndex (e.g., index.html) in that directory, then the server will return a formatted listing of the directory.

However, if anyone knows the URL in advance, or can easily guess the filename, they can still load the pdf.

Upvotes: 0

Brad

Reputation: 163438

Generally speaking, no. Especially if you explicitly turn off the directory listing for that specific directory.

<Directory /path/to/directory>
   Options -Indexes
</Directory>

Source: http://httpd.apache.org/docs/1.3/misc/FAQ.html

However, you should be securing files through some sort of authentication process rather than just file names. What you propose can be found by simply brute forcing the file name. Also, people can share URLs, folks can sniff and find the URL, etc. Use a better method.

Upvotes: 1

Mitro

Reputation: 1626

Generally, no. Instead of creating an "index" file, you may also unset the apache "Options Indexes"

Upvotes: 1

Jahan Zinedine

Reputation: 14874

Just disable the directory listing in your web server

Upvotes: 1

Can someone look into a web servers folders?

Answers (5)

Related Questions