[3550] in WWW Security List Archive
Re: Alta Vista may or may not harvest unadvertised documents
daemon@ATHENA.MIT.EDU (John Robert LoVerso)
Fri Nov 15 10:44:08 1996
To: "David W. Morris" <dwm@xpasc.com>, Steven Bellovin <smb@research.att.com>,
"David M. Chess" <CHESS@watson.ibm.com>
cc: www-security@ns2.rutgers.edu
In-reply-to: Message from "David W. Morris" <dwm@xpasc.com>
<Pine.GSO.3.95.961114103307.26931D-100000@shell1.aimnet.com> .
Date: Fri, 15 Nov 1996 08:01:17 -0500
From: John Robert LoVerso <loverso@osf.org>
Errors-To: owner-www-security@ns2.rutgers.edu
smb wrote:
> Blatant assertion: servers should refuse to deal with directories without
> explicit index.html files. If it's not there, the directory won't be
In fact, NCSA and Apache do this. Just take the "Options Indexes" out of
srm.conf. If you add "AllowOverride Indexes" then you can enable indexing
on a per directory basis by putting "Options Indexes" in the .htaccess file.
Since the server will walk up a file tree until it finds a .htaccess file,
then you can allow indexing on a whole tree by just putting a single
.htaccess at the root.
Too bad there is no way to say "Options NoIndexes".
John
