Home » Php » Directory index forbidden by Options directive

Directory index forbidden by Options directive

Posted by: admin November 21, 2017 Leave a comment

Questions:

I’m using the dompdf plugin for codeigniter: http://codeigniter.com/wiki/PDF_generation_using_dompdf/

to generate pdfs from a form. This works on localhost, but on the live server I get this in the error log:

Directory index forbidden by Options directive: /var/www/vhosts/domain.co.uk/httpdocs/mm/userdata/account1/invoices/

Any idea what this means? I’ve searched for answers, and found a few that suggest editing the httpd.conf, however I don’t have access to this.

I’ve also tried adding a blank index.html file to the root and document directory (as also suggested elsewhere, but to no avail).

Any help greatly appreciated.

Thanks!

Answers:

Either the main httpd.conf or the .htaccess file in this directory or a nearby parent directory probably includes:

Options -Indexes

Your host may have to set it to +Indexes if you don’t have access in .htaccess and want to list & browse the directory contents, absent a default index.html, index.php, etc. If the directory should not have a default file and you don’t enable Indexes, you may only directly target the filenames of contents within it.

The Indexes option is commonly disabled by default on many Apache installations.

Full details are available in the Apache core documentation on Options

Questions:
Answers:

It means there’s no default document in that directory (index.html, index.php, etc…). On most webservers, that would mean it would show a listing of the directory’s contents. But showing that directory is forbidden by server configuration (Options -Indexes)

Questions:
Answers:

Another issue that you might run into if you’re running RHEL (I ran into it) is that there is a default welcome page configured with the httpd package that will override your settings, even if you put Options Indexes. The file is in /etc/httpd/conf.d/welcome.conf. See the following link for more info:
http://wpapi.com/solved-issue-directory-index-forbidden-by-options-directive/

Questions:
Answers:

The Problem

Indexes visible in a web browser for directories that do not contain an index.html or index.php file.

I had a lot of trouble with the configuration on Scientific Linux’s httpd web server to stop showing these indexes.

The Configuration that did not work

httpd.conf virtual host directory directives:

<Directory /home/mydomain.com/htdocs>
    Options FollowSymLinks
    AllowOverride all
    Require all granted
</Directory>

and the addition of the following line to .htaccess:

Options -Indexes

Directory indexes were still showing up. .htaccess settings weren’t working!

How could that be, other settings in .htaccess were working, so why not this one? What’s going? It should be working! %#$&^$%@# !!

The Fix

Change httpd.conf’s Options line to:

Options +FollowSymLinks

and restart the webserver.

From Apache’s core mod page: ( https://httpd.apache.org/docs/2.4/mod/core.html#options )

Mixing Options with a + or – with those without is not valid syntax
and will be rejected during server startup by the syntax check with an
abort.

Voilà directory indexes were no longer showing up for directories that did not contain an index.html or index.php file.

Now What! A New Wrinkle

New entries started to show up in the ‘error_log’ when such a directory access was attempted:

[Fri Aug 19 02:57:39.922872 2016] [autoindex:error] [pid 12479] [client aaa.bbb.ccc.ddd:xxxxx] AH01276: Cannot serve directory /home/mydomain.com/htdocs/dir-without-index-file/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive

This entry is from the Apache module ‘autoindex’ with a LogLevel of ‘error’ as indicated by [autoindex:error] of the error message—the format is [module_name:loglevel].

To stop these new entries from being logged, the LogLevel needs to be changed to a higher level (e.g. ‘crit’) to log fewer—only more serious error messages.

Apache 2.4 LogLevels

See Apache 2.4’s core directives for LogLevel.

emerg, alert, crit, error, warn, notice, info, debug, trace1, trace2, trace3, tracr4, trace5, trace6, trace7, trace8

Each level deeper into the list logs all the messages of any previous level(s).

Apache 2.4’s default level is ‘warn’. Therefore, all messages classified as emerg, alert, crit, error, and warn are written to error_log.

Additional Fix to Stop New error_log Entries

Added the following line inside the <Directory>..</Directory> section of httpd.conf:

LogLevel crit

The Solution 1

My virtual host’s httpd.conf <Directory>..</Directory> configuration:

<Directory /home/mydomain.com/htdocs>
    Options +FollowSymLinks
    AllowOverride all
    Require all granted
    LogLevel crit
</Directory>

and adding to /home/mydomain.com/htdocs/.htaccess, the root directory of your website’s .htaccess file:

Options -Indexes

If you don’t mind the ‘error’ level messages, omit

LogLevel crit

Scientific Linux – Solution 2 – Disables mod_autoindex

No more autoindex’ing of directories inside your web space. No changes to .htaccess. But, need access to the httpd configuration files in /etc/httpd

  1. Edit /etc/httpd/conf.modules.d/00-base.conf and comment the line:

    LoadModule autoindex_module modules/mod_autoindex.so
    

    by adding a # in front of it then save the file.

  2. In the directory /etc/httpd/conf.d rename (mv)

    sudo mv autoindex.conf autoindex.conf.<something_else>
    
  3. Restart httpd:

    sudo httpd -k restart
    

    or

    sudo apachectl restart
    

The autoindex_mod is now disabled.

Linux distros with ap2dismod/ap2enmod Commands

Disable autoindex module enter the command

    sudo a2dismod autoindex

to enable autoindex module enter

    sudo a2enmod autoindex

Questions:
Answers:

Insert this lines:

<Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs">
        Options  +Indexes
</Directory>

In your C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\httpd-vhosts.conf file. I assume you are using Virtual Host for development.

And then, of course, just restart Apache.

Documentation