Disabling DirectoryIndex (not directory listing)

[Milosz]

Hello,

 

I'd like to disable the DirectoryIndex completely for a certain directory; the reason being that users are able to upload files to this directory and I don't want some prankster uploading his/her own index.html . There must be a better way to do this than:

 

DirectoryIndex highly_improbable_file_name.obscure_extension

 

I looked at http://www.auburn.edu/docs/apache/mod/mod_dir.html but was unable to find an answer. Perhaps someone here might know?

[PFMaBiSmAd]

Put your own index.html file in the folder and preventing any uploaded file from overwriting it, either by setting permissions or making sure the upload script never overwrites it.

 

Your upload script should be validating the file name of uploaded files or it should be building file names completely under your control (having nothing to do with any part of the uploaded file name) and then relating your built file name back to the original file name using a database table.

[neogranas]

Err, redacted for lack of reading what you originally posted.

 

You could possibly change ownership to nobody and make it an unwritable folder, but if you need people to upload to it, you'll either have to have it set up so that they login or you may just have to hope that they don't botch it.

[rhodesa]

in an .htaccess file in that dir, put:

Options -Indexes

[mummana]

pls. use the below settings:

 

# to prevent the directory listing

IndexIgnore *

 

 

[corbin]

pls. use the below settings:

 

# to prevent the directory listing

IndexIgnore *

 

 

 

 

You do realize that disabling Indexes is much, much faster, yes?