31:
218:
255:
file exists within a given directory, the web server may be configured to provide an automatically generated listing of the files within the directory instead. With the Apache web server, for example, this behavior is provided by the mod_autoindex module and controlled by the
268:
are sometimes a security risk because they enumerate sensitive files which may not be intended for public access, in a process known as a directory indexing attack. Such a security misconfiguration may also assist in other attacks, such as a path or
513:
145:. It is possible to not use file extensions at all, and be neutral to content delivery methods, and set the server to automatically pick the best file through
484:
73:, but most modern HTTP servers offer a configurable list of filenames that the server can use as an index. If a server is configured to support
237:
411:
152:
If the server is unable to find a file with any of the names listed in its configuration, it may either return an error (usually
455:
429:
281:
When accessing a directory, the various available index methods may also have a different impact on usage of OS resources (
203:
Later web servers typically support this default file scheme in one form or another; this is usually configurable, with
505:
582:
46:
607:
270:
80:
54:
476:
661:
315:(when no index file exists) to let web server autogenerate directory listing by using its internal module;
176:
A scheme where web server serves a default file on per-subdirectory basis has been supported as early as
74:
50:
57:
that points to a directory structure instead of an actual web page within the directory structure, the
369:
30:
101:
447:
347:
77:, the list will usually include entries allowing dynamic content to be used as the index page (e.g.
245:
146:
115:
415:
393:
261:
222:
132:
108:
534:
217:
61:
will generally serve a default page, which is often referred to as a main or "index" page.
558:
631:
655:
241:
433:
318:
using an interpreted file read by web server internal program interpreter, e.g.:
37:, the index of Knowledge, a multilingual online encyclopedia. Here the website's
128:
185:
177:
161:
58:
233:
142:
38:
119:) even though it may be more appropriate to still specify the HTML output (
286:
157:
153:
17:
127:), as this should not be taken for granted. An example is the popular
448:"mod_dir - Apache HTTP Server Version 2.4 § DirectoryIndex Directive"
164:
listing the files in the directory. Usually this option, often named
216:
29:
244:. It is also possible to avoid this step, for example, by using
87:
68:
188:
since at least 2.17beta (5 April 1994), whose default supports
282:
94:
184:
file in the directory. This scheme has been then adopted by
559:"core - Apache HTTP Server Version 2.4 § Options Directive"
506:"Default Document <defaultDocument> | Microsoft Docs"
141:
directive in the main server configuration file or in the
325:using a CGI executable and compiled program, e.g.:
136:
135:, where the list of filenames is controlled by the
388:
386:
180:0.3beta (22 April 1993), which defaults to serve
535:"mod_autoindex - Apache HTTP Server Version 2.4"
394:"WWW-Talk Apr-Jun 1993: NCSA httpd version 0.3"
289:, etc.) and thus on web server performances.
34:
8:
372:. Apache foundation: HTTPd server project
311:using a web server feature usually named
339:
477:"NGINX Docs | Serving Static Content"
207:being one of the default file names.
143:configuration file for that directory
64:A common filename for such a page is
7:
608:"A6:2017-Security Misconfiguration"
196:in addition to the NCSA-originated
27:Index page of a website's directory
414:. January 31, 2009. Archived from
25:
304:using a static index file, e.g.:
41:offers many different languages.
516:from the original on 2020-12-08
487:from the original on 2020-11-11
458:from the original on 2020-11-12
432:. June 5, 1997. Archived from
348:"mod_dir - Apache HTTP Server"
236:of a website can be a menu of
1:
430:"Change History of W3C httpd"
260:directive in the web server
412:"NCSA HTTPd DirectoryIndex"
368:ASF Infrabot (2019-05-22).
154:403 Index Listing Forbidden
678:
300:method, here is the list:
271:directory traversal attack
240:for large sites that use
251:In cases where no known
168:, is also configurable.
229:
160:) or generate its own
42:
220:
75:server-side scripting
33:
418:on January 31, 2009.
370:"Directory listings"
49:client (generally a
398:1997.webhistory.org
262:configuration files
246:content negotiation
232:In some cases, the
147:content negotiation
510:docs.microsoft.com
350:. httpd.apache.org
266:directory listings
264:. These automated
230:
43:
35:www.wikipedia.org
16:(Redirected from
669:
646:
645:
643:
642:
632:"Path Traversal"
628:
622:
621:
619:
618:
604:
598:
597:
595:
594:
579:
573:
572:
570:
569:
563:httpd.apache.org
555:
549:
548:
546:
545:
539:httpd.apache.org
531:
525:
524:
522:
521:
502:
496:
495:
493:
492:
473:
467:
466:
464:
463:
452:httpd.apache.org
444:
438:
437:
436:on June 5, 1997.
426:
420:
419:
408:
402:
401:
390:
381:
380:
378:
377:
365:
359:
358:
356:
355:
344:
328:
321:
307:
292:Proceeding from
259:
258:Options +Indexes
254:
238:language options
206:
199:
195:
191:
183:
167:
140:
139:
126:
122:
118:
111:
104:
97:
90:
83:
72:
21:
677:
676:
672:
671:
670:
668:
667:
666:
652:
651:
650:
649:
640:
638:
630:
629:
625:
616:
614:
606:
605:
601:
592:
590:
581:
580:
576:
567:
565:
557:
556:
552:
543:
541:
533:
532:
528:
519:
517:
504:
503:
499:
490:
488:
475:
474:
470:
461:
459:
446:
445:
441:
428:
427:
423:
410:
409:
405:
392:
391:
384:
375:
373:
367:
366:
362:
353:
351:
346:
345:
341:
336:
326:
319:
305:
279:
257:
252:
215:
204:
197:
193:
189:
181:
174:
165:
137:
125:index.html.aspx
124:
120:
113:
106:
99:
92:
85:
78:
65:
28:
23:
22:
15:
12:
11:
5:
675:
673:
665:
664:
662:Web navigation
654:
653:
648:
647:
623:
599:
574:
550:
526:
497:
481:docs.nginx.com
468:
439:
421:
403:
382:
360:
338:
337:
335:
332:
331:
330:
323:
316:
309:
278:
275:
214:
213:Implementation
211:
173:
170:
138:DirectoryIndex
121:index.html.php
26:
24:
14:
13:
10:
9:
6:
4:
3:
2:
674:
663:
660:
659:
657:
637:
633:
627:
624:
613:
609:
603:
600:
588:
584:
578:
575:
564:
560:
554:
551:
540:
536:
530:
527:
515:
511:
507:
501:
498:
486:
482:
478:
472:
469:
457:
453:
449:
443:
440:
435:
431:
425:
422:
417:
413:
407:
404:
399:
395:
389:
387:
383:
371:
364:
361:
349:
343:
340:
333:
324:
317:
314:
310:
303:
302:
301:
299:
295:
290:
288:
284:
276:
274:
272:
267:
263:
249:
247:
243:
239:
235:
227:
224:
219:
212:
210:
208:
201:
187:
179:
171:
169:
163:
159:
158:404 Not Found
155:
150:
148:
144:
134:
130:
117:
110:
103:
96:
89:
82:
76:
71:
70:
62:
60:
56:
53:) requests a
52:
48:
40:
36:
32:
19:
639:. Retrieved
635:
626:
615:. Retrieved
611:
602:
591:. Retrieved
589:. 2021-03-08
586:
577:
566:. Retrieved
562:
553:
542:. Retrieved
538:
529:
518:. Retrieved
509:
500:
489:. Retrieved
480:
471:
460:. Retrieved
451:
442:
434:the original
424:
416:the original
406:
397:
374:. Retrieved
363:
352:. Retrieved
342:
312:
297:
293:
291:
280:
277:Performances
265:
250:
242:geotargeting
231:
225:
209:
202:
194:welcome.html
190:Welcome.html
175:
151:
66:
63:
44:
131:web server
129:open source
51:web browser
641:2021-05-07
617:2021-05-07
593:2021-05-07
583:"IBM Docs"
568:2021-01-13
544:2021-01-13
520:2021-01-13
491:2021-01-13
462:2021-01-13
376:2021-11-16
354:2014-05-30
334:References
306:index.html
226:index page
205:index.html
198:index.html
186:CERN HTTPd
182:index.html
178:NCSA HTTPd
162:index page
59:web server
327:index.cgi
320:index.php
313:autoindex
234:home page
166:autoindex
39:home page
18:Index.php
656:Category
514:Archived
485:Archived
456:Archived
287:CPU time
114:default.
45:When an
308:, etc.;
298:slowest
294:fastest
253:index.*
172:History
223:Apache
133:Apache
107:index.
100:index.
93:index.
86:index.
79:index.
67:index.
636:OWASP
612:OWASP
102:shtml
192:and
69:html
47:HTTP
587:IBM
296:to
283:RAM
221:An
156:or
123:or
116:asp
109:jsp
95:php
81:cgi
55:URL
658::
634:.
610:.
585:.
561:.
537:.
512:.
508:.
483:.
479:.
454:.
450:.
396:.
385:^
285:,
273:.
248:.
200:.
149:.
112:,
105:,
98:,
91:,
88:pl
84:,
644:.
620:.
596:.
571:.
547:.
523:.
494:.
465:.
400:.
379:.
357:.
329:.
322:;
228:.
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.