3

I have the following .htaccess file used in the web home of Apache2 in a Docker container:

# allows HTML files to be interpretted as PHP files AddType application/x-httpd-php .html # allows redirect to *.html files without using the extension # e.g., http://example.com/foo will show http://example.com/foo.html <IfModule mod_rewrite.c> Options All RewriteEngine on RewriteBase / RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME}.html -f #RewriteRule !.*\.html$ %{REQUEST_FILENAME}.html [L] RewriteRule !.*\.html$ %{REQUEST_URI}.html [L] # causes redirect from HTTP to HTTPS RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} </IfModule> Options -Indexes # environament variables SetEnv DBL "mysql:dbname=roars;host=foo;port=3306" SetEnv DB_USER "bar" SetEnv DB_PASS "glorp"

The Options -Indexes directive is not keeping us from being able to view directories. All of the other directives work properly and when I use this .htaccess file outside of a Docker container it works appropriately by disallowing the viewing of a directory.

Have I done something wrong, or is this particular to Docker containers?

Improve this question
2
  • Are you sure this htaccess is being read? Commented Apr 27, 2016 at 19:28
  • 1
    Yes, because as stated all of the other directives work properly @anubhava Commented Apr 27, 2016 at 19:29

1 Answer 1

Reset to default
1

I found the issue in the default configuration file for Apache2 in the Docker container:

<VirtualHost *:80> ServerAdmin webmaster@localhost ServerName dev.f0o.com DocumentRoot /home/foo/src/www-server/ #ErrorLog ${APACHE_LOG_DIR}/error.log #CustomLog ${APACHE_LOG_DIR}/access.log combined ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combined </VirtualHost> <Directory /home/foo/src/www-server/> # allow .htaccess overrides to work AllowOverride All DirectoryIndex login.html index.html index.php </Directory> # this matches a link to any device directory to the physical webui directory #AliasMatch ^/projects/([-\w]*)/css/(.*)$ /home/foo/src/www-server/static/css/$2 #AliasMatch ^/projects/([-\w]*)/fonts/(.*)$ /home/foo/src/www-server/static/fonts/$2 #AliasMatch ^/projects/([-\w]*)/images/(.*)$ /home/foo/src/www-server/static/images/$2 #AliasMatch ^/projects/([-\w]*)/lib/(.*)$ /home/foo/src/www-server/static/lib/$2 #AliasMatch ^/projects/([-\w]*)/scripts/(.*)$ /home/foo/src/www-server/static/scripts/$2 AliasMatch ^/projects/([-\w]*)/(.*)$ /home/foo/src/www-server/client/$2 <Directory /home/foo/src/www-server/client> DirectoryIndex home.html Options All AllowOverride All Require all granted </Directory>

Solution 1 - The issue was first noticed in /home/foo/src/www-server/client which has its own specific set of overrides at the end of the default configuration file. the directory listing was allowed because Options is set to All. Changing it to Options -Indexes fixed the issue.

Solution 2 - As an experiment I commented out the line starting with Options and the results were what I wanted, likely because the .htaccess file was allowed to perform its job without conflict from the default configuration file.

Because I am not, typically, a person who configures web servers I am sure there might be better ways to solve the issue given the set of known's we have now. Those with more expertise in Apache web server configuration may have more elegant solutions.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.