Reputation: 277
Apache 2.4 - How to deny access to DocumentRoot but allow 'trailing slash' access to DirectoryIndex file
In my Apache 2.4 VirtualHost configuration, I'd like to - by default - deny access to everything in the DocumentRoot that I do not enable explicitly. To that end, I have written:
DocumentRoot /var/www
<Directory "/var/www">
Require all denied
<Files "index.html">
Require all granted
</Files>
</Directory>
This enables direct access to http://myserver.example/index.html, but results in a 403 response for indirect access to http://myserver.example/.
How can I correct this behaviour?
Upvotes: 1
Views: 2434
Answers (1)
Reputation: 277
Following the hint that I "did not explicitly allow /", resulting in it being forbidden set me on the right track to solve this.
Adding a LocationMatch directive that deals with the trailing slash exclusively results in the desired behaviour:
DocumentRoot /var/www
<Directory "/var/www/">
Require all denied
<Files "index.html">
Require all granted
</Files>
</Directory>
# Regex anchored at string beginning and end
# -> only matches "/"
<LocationMatch "^/$">
Require all granted
</LocationMatch>
Note that adding a <Files "/"> directive does not work, probably because the accessed resource is not really a file.
Neither is <Location /> the right thing, because it would be applied to the entire VirtualHost.
Upvotes: 1
Related Questions
- Forbid access to directory, but not alias?
- How to disable directory indexing from apache2 when going to the server's root?
- Prevent a file to access if for .htaccess: DirectoryIndex
- Restrict access to apache 2.4 directory but allow certain files
- How to disable access to parent directory of DocumentRoot?
- .htaccess prevent access from all but root (with or without trailing slash)
- Apache htaccess: Block direct access to index.html in a folder
- Apache - Deny listing directory but allow access to all subfolders
- .htaccess code to deny folder browsing
- Deny access to all files except index file - Apache2