|Need index page for sub-directory?|
| 10:55 pm on Oct 3, 2008 (gmt 0)|
Is it common practice to place an index page in a sub-directory? The index page acts as a "home" page for that directory. For example, a site has a directory called "Articles" with a number of article web pages. Should there be an index.htm in the Articles directory? What happens if there's no index file?
| 1:18 am on Oct 4, 2008 (gmt 0)|
You don't have to, but if you do, it gives you a page called example.com/folder/ rather than example.com/folder/file.html, which is neat.
Depending on your server setup, if you DON'T do this, your server will substitute a file list at that URL, which can be a security risk.
| 1:22 am on Oct 4, 2008 (gmt 0)|
The index file is important. If a user goes you yoursite.com/yourfolder/ and there is no index file they will receive a 404 page not found message. Even if you have a folder filled with articles and each article is linked to from other pages it is still good practice to have an index file in each directory.
Lets imagine your site is about cars, you have a folder called "engines". I might get to that folder by following a link to a page about ford engines...
This might be of interest so I then decide to delete the ford.html so see what other information you have and get a page not found. The index page could have been used to allow me to see all the pages available. By default some servers, if not most! will show a directory index. "Index of" page. These are very unprofessional, you can make a simple html page to link to your pages within the folder.
| 1:31 am on Oct 4, 2008 (gmt 0)|
I have, in fact, come across site folders without an index file and it will show an index of all the files there. Certainly not professional and maybe a security risk. Just wasn't sure what the common practice was, but it seems prudent to create an index file for each sub-directory.
| 2:56 am on Oct 4, 2008 (gmt 0)|
Even for images!
| 12:58 pm on Oct 4, 2008 (gmt 0)|
with image directories what I generaly do is create a simple index.html file and place a meta refresh to point the user to the site homepage. This prevents users viewing images without the content.
| 1:02 pm on Oct 4, 2008 (gmt 0)|
For images, styles, scripts, and other such folders I add a line to .htaccess that stops any viewing of file lists, or of any index page in those folders.
| 3:58 pm on Oct 4, 2008 (gmt 0)|
FYI this is called directory indexing and is managed by one of the configuration files on your server. For example, if your directory indexing is set to: index.html, index.htm, home.html, index.cgi, it will look for the first one, if not found, the next, and so on. You can easily add other index types to this configuration: index.php, index.asp, etc.
|I have, in fact, come across site folders without an index file and it will show an index of all the files there. |
Also part of the server configuration - what you should get here is a server error message, "Directory Indexing Not Allowed" (paraph.) If you can't get this changed, putting the index file in that directory is a fix, but it may be indicative of other small oversights that add up to security issues.
| 4:47 pm on Oct 4, 2008 (gmt 0)|
g1smd: can you show an example of a line that you would add to your .htaccess that would stop the viewing of file lists for images and scripts?
Are there any good books or resources to learn more about server configuration, management, good habits, tips and tricks?
| 5:00 pm on Oct 4, 2008 (gmt 0)|
There are other ways, using DirectoryIndex etc, as suggested above, but sometimes I use this:
RewriteRule ^scripts/?$ /this.file.does.not.exist [L]
RewriteRule ^styles/?$ /this.file.does.not.exist [L]
RewriteRule ^images/?$ /this.file.does.not.exist [L]
which can be simplified to:
RewriteRule ^(scripts¦styles¦images)/?$ /this.file.does.not.exist [L]
There's already a redirect in place which strips any named index file filename off the URL request.
With this, they don't get a "there's a folder here and you are not allowed to look at it" message, they instead get a "that thing doesn't exist" error message.