Discussion:
hide listing of directory with .htaccess but allowing access to .pdf files
(too old to reply)
Ecka
2005-02-11 23:22:44 UTC
Permalink
Hi,

I want to hide the listing of a directory but allow access to all PDF files
if a link is provided in another page.

I created an .htaccess file and added "Options -Indexes" which worked fine
as far as preventing a directory listing but this also disallowed me from
listing the whole filename. I then added the following:

<FilesMatch "*.pdf">
Allow from All
</FilesMatch>

But I still can't list those files.

So, instead I've just added "IndexIgnore *" to my .htaccess file which
allows me to call on the PDFs by filename but lists nothing when you perform
a listing of the directory. How do I achieve what I was trying to do
initially?

Cheers,
Eric
Tim
2005-02-12 09:53:03 UTC
Permalink
On Sat, 12 Feb 2005 10:22:44 +1100,
Post by Ecka
I want to hide the listing of a directory but allow access to all PDF files
if a link is provided in another page.
The following portions of your message make that unclear. You want them to
be able to see a *listing* of the PDFs in that directory, or just be able
to *read* a referenced PDF file? Because what's listed, and what's
accessable, are two entirely different things.
Post by Ecka
I created an .htaccess file and added "Options -Indexes" which worked fine
as far as preventing a directory listing but this also disallowed me from
<FilesMatch "*.pdf">
Allow from All
</FilesMatch>
But I still can't list those files.
"Allow from" is referring to accessing the files, nothing to do with what's
listed when a listing is automatically generated for a directory.
Post by Ecka
So, instead I've just added "IndexIgnore *" to my .htaccess file which
allows me to call on the PDFs by filename but lists nothing when you perform
a listing of the directory. How do I achieve what I was trying to do
initially?
Explain what you want, *clearly*...

However, guessing that you *might* want someone to be able to see a list of
PDF files to be viewed from a directory, but not be able to list other
types of files, you could do something like:

IndexIgnore *.html *.gif *.jpeg

So that automatically generated lists will ignore those types of files, and
list what's left over.

The simpler solution might be to put what you want accessible in a
sub-directory.
--
If you insist on e-mailing me, use the reply-to address (it's real but
temporary). But please reply to the group, like you're supposed to.

This message was sent without a virus, please delete some files yourself.
Ecka
2005-02-13 00:57:33 UTC
Permalink
Post by Tim
On Sat, 12 Feb 2005 10:22:44 +1100,
Post by Ecka
I want to hide the listing of a directory but allow access to all PDF files
if a link is provided in another page.
The following portions of your message make that unclear. You want them to
be able to see a *listing* of the PDFs in that directory, or just be able
to *read* a referenced PDF file? Because what's listed, and what's
accessable, are two entirely different things.
Ok, let's say I have a subfolder under my website called pdf that holds PDF
files. If someone types http://www.mydomain.com/pdf/, I want them to get
the error saying "Forbidden: You don't have permission to access /pdf/ on
this server.". But if I provide a link on another page to one of those
files kept in that directory, I want them to be able to access it. So, if I
have a link <a href="pdf/file1.pdf">File 1</a> on my main page, I want them
to be able to view it. Clear as mud? :)

Regards,
Eric
HansH
2005-02-13 01:45:10 UTC
Permalink
Post by Ecka
Post by Tim
On Sat, 12 Feb 2005 10:22:44 +1100,
Post by Ecka
I want to hide the listing of a directory but allow access to all PDF
files if a link is provided in another page.
The following portions of your message make that unclear. You want them
to be able to see a *listing* of the PDFs in that directory, or just be
able
Post by Ecka
Post by Tim
to *read* a referenced PDF file? Because what's listed, and what's
accessable, are two entirely different things.
Ok, let's say I have a subfolder under my website called pdf that holds PDF
files. If someone types http://www.mydomain.com/pdf/, I want them to get
the error saying "Forbidden: You don't have permission to access /pdf/ on
this server.".
Your now how to allow and disallow indexes to not-list files ...
Post by Ecka
But if I provide a link on another page to one of those
files kept in that directory, I want them to be able to access it. So, if I
have a link <a href="pdf/file1.pdf">File 1</a> on my main page, I want them
to be able to view it.
( that has to be '<a href="/pdf/file1.pdf">File 1</a>')
... and that does not interfere with normal access of a single file.

In act it is the default configuration of Apache.
Post by Ecka
Clear as mud? :)
No ;-) Should be cristal to you too soon.

HansH
Tim
2005-02-13 11:43:26 UTC
Permalink
On Sun, 13 Feb 2005 11:57:33 +1100,
Post by Ecka
Ok, let's say I have a subfolder under my website called pdf that holds PDF
files. If someone types http://www.mydomain.com/pdf/, I want them to get
the error saying "Forbidden: You don't have permission to access /pdf/ on
this server.".
Removing the indexes option *will* do that. That will *just* prevent them
getting a list generated of the contents.

e.g. Options -Indexes
Post by Ecka
But if I provide a link on another page to one of those
files kept in that directory, I want them to be able to access it.
If you mean a particular file, by "it", rather than listing the whole
directory, then they can do that by default. Unless you've really altered
the way the server is configured, you won't have to do anything to let it
work the way you're suggesting.
Post by Ecka
So, if I have a link <a href="pdf/file1.pdf">File 1</a> on my main page,
I want them to be able to view it. Clear as mud? :)
If you're putting your link on the default homepage for the server, and the
/pdf/ directory is a sub-directory, then that link will work as it stands.
But if the /pdf/ directory is elsewhere (relatively speaking), or if you'd
like to be able to use the same link no matter where the page it's written
on is located, then make it an absolute link as HansH said (start it with a
slash).
--
If you insist on e-mailing me, use the reply-to address (it's real but
temporary). But please reply to the group, like you're supposed to.

This message was sent without a virus, please delete some files yourself.
DCowboy
2005-02-13 14:59:19 UTC
Permalink
There's another way to do this without using .htaccess.

For each directory you don't want indexed, just drop in a short index.htm
file containing a JavaScript redirect to your home page. Works like a charm.

-- D. Cowboy
Post by Ecka
Hi,
I want to hide the listing of a directory but allow access to all PDF files
if a link is provided in another page.
I created an .htaccess file and added "Options -Indexes" which worked fine
as far as preventing a directory listing but this also disallowed me from
<FilesMatch "*.pdf">
Allow from All
</FilesMatch>
But I still can't list those files.
So, instead I've just added "IndexIgnore *" to my .htaccess file which
allows me to call on the PDFs by filename but lists nothing when you perform
a listing of the directory. How do I achieve what I was trying to do
initially?
Cheers,
Eric
Tim
2005-02-14 11:49:40 UTC
Permalink
On Sun, 13 Feb 2005 14:59:19 GMT,
Post by DCowboy
There's another way to do this without using .htaccess.
For each directory you don't want indexed, just drop in a short index.htm
file containing a JavaScript redirect to your home page. Works like a charm.
Problems with that:

If the user doesn't have JavaScript enabled, it won't do what you said. A
proper HTTP redirect rule could, though.

But redirecting, whichever way, has it's own problems. On a public server
you're going to get indexed by search engines, eventually. You're far
better off to not let them do something, so they don't index something you
didn't wish them to.
--
If you insist on e-mailing me, use the reply-to address (it's real but
temporary). But please reply to the group, like you're supposed to.

This message was sent without a virus, please delete some files yourself.
Loading...