HTTP Directory Listing Vs FTP Listing

Forum Moderators: phranque

Message Too Old, No Replies

HTTP Directory Listing Vs FTP Listing

ChrisD

12:43 pm on May 4, 2007 (gmt 0)

I'm trying to figure out this one- maybe someone has some insight.

I want to create a subdirectory in my document root:

wwww.example.com/docs/

For access via HTTP (say a web browser), I want to have an authenticated fancy directory listing of files in the directory including headers and footers. This involves the use of an htaccess and relevant files for header and footer, etc.

For FTP access (also authenticated), I don't want the htaccess file (or headers/footer files) to be visible so that FTP users cannot view/modify it.

Any clue?

cmarshall

9:15 pm on May 5, 2007 (gmt 0)

Welcome to WebmasterWorld!

Gee, is my face red. I urged you to ask a question here, and there ain't no answer in a couple of days.

I'm not sure if I have an answer, myself, as I haven't really ever done anything like that.

jdMorgan

9:54 pm on May 5, 2007 (gmt 0)

Without server config file access, the FTP part of the question makes this a stumper -- for me anyway. I don't believe you can or should use .htaccess to authenticate/authorize the users in this kind of situation -- It needs to be done at the server config level.

Jim

encyclo

10:05 pm on May 5, 2007 (gmt 0)

Welcome to WebmasterWorld ChrisD. This isn't really an Apache issue, ideally this should be controlled via standard UNIX file permissions - simply speaking, if the files are owned by root or a different user from the one accessing the files via FTP, then the files may be visible, but they can't be accessed if you set the permissions limited enough.

Check out the documentation for your FTP daemon too, for example if you are using xsftpd, see the

deny_file

option in the vsftpd man page [vsftpd.beasts.org]. You would need to be able to configure ftpd though (not a shared server).