Deny directory browsing-help?

Hi Veteran web administrators!

I want to learn to be like the big boys in web serving. I have a problem that I cannot find the answer to anywhere related to Apache running on Linux, so I would be grateful for some help:

How do I prevent a user from browsing a directory that contains my images but still allows the images to be served to any HTML pages that call them? When a user changes the URI for my site to access the images folder, e.g. http://www.abcdom.com/images/, the entire listing of all the images and other directories is listed, just like an ftp site. I want to prevent the user from being able to do this.

I thought changing the permissions of the directories with chmod 500 would give the user a forbidden error (error 500) which would work, but then the images will not load when called by HTML.
For example http://www.adobe.com uses CSS from the directory /ssi/css/ to give each browser/platform combination a customized style sheet, which I can view using the URL http://www.adobe.com/ssi/css/mac_ns.css, for example, BUT I can NOT just browse the directory /ssi/css/.
How do they do this?
I do not have my own server, so I cannot change the httpd.conf file, only using .htaccess files and permissions through telnet.

Many thanks for anyone who can help me!

rootdr


[Edited by rootdr on 01-18-2001 at 09:56 AM]

I am not sure what you need, but usually if you put an empty file index.html in your directory, this will solve the problem.

I made this mistake my first time around. The problem is that directory permissions are completely different from file permissions.

If you "chmod 711" on a file (resulting in settings like this: -rwx--x--x), that would allow a user to execute that file. But if you "chmod 711" to the /directory/ that contains the file (drwx--x--x), you're simply allowing the user to access the file if they know its name. Whether they can read, write, or execute the file itself will be set by the file's permissions.

So you just need to chmod your /images/ directory to something like 711. Then set permissions of the gif and jpg files themselves to something like 744 (-rwxr--r--), which will allow users to read those images. Presto: Now users can access the images if they can name them. If they can't, then the directory cannot be browsed.

That should do the trick. (I'm not in front of my Linux box, so please let me know if this doesn't work.)

A pretty good summary of the differences between file permissions and directory permissions can be found here:

http://www.washington.edu/computing...ermissions.html

Cheers,
Tim

Stop messing with the permissions any further if you don't know what you are doing.

To stop a directory listing, simply put this line in your http://www.abcdom.com/images/.htaccess:

Options -Indexes

no more, no less. It's just that simple.

Thanks a million tkung! That's exactly what I wanted to know!

It is really great to have access to a body of such knowledgeable people who are willing to help others without being condescending.

Once again, many thanks!

rootdr