directory listings enabled in fog-installation



  • Hi there,

    not a real problem, just a question: Is it intended, that directory listings in apache are not disabled (at least for the / directory)? When I connect to / on the fog-ip via http I can see the directories html/ and fog/

    Cheers, Rainer


  • Developer

    Finally added the simple route of HTTP redirect via index.php (99a407e and ad2813ab).


  • Moderator

    @Sebastian-Roth I guess I would have to spin up a new FOG server to see what problem we are trying to solve. I know there are people using their fog server for more than just imaging. If the problem is just to keep people from getting a directory listing of the web server root or landing on http://<fog_server_ip> and seeing things we could just put a index.php file in there to redirect to the fog management interface.


  • Developer

    @developers @moderators Just stumbled upon this and was wondering if we consider adding this before the 1.5.9 release or not.


  • Developer

    @astrugatch @Kiweegie Looking at this topic again after a while I am wondering if we’d just use a simple redirect as mentioned before. I just tested adding the following line in FOG’s apache config:

    RedirectMatch "^/$" "/fog/"
    

    Fairly straight forward and I would hope this doesn’t cause issues for existing installs. Though I am not exactly sure as many people use their FOG server for booting Live distros and we don’t know for sure how they setup it up. But the rule is very distinct and shouldn’t cause problems I would think. Except if you use the apache webserver to serve another website on that same server.


  • Developer

    @Kiweegie Thanks for sharing your solution!

    Without having put in much though I’d probably just force a redirect from http://hostname/ to http://hostname/fog/



  • I’ve addressed this on my FOG servers as follows:

    First edit the FOG apache file at /etc/apache2/sites-available/001-fog.conf to enable htaccess to work

    Add a new <Directory> stanza linked to the root of the site underneath the existing <Directory> stanza so it looks like this:

    <Directory /var/www/fog/>
            DirectoryIndex index.php index.html index.htm
        </Directory>
        <Directory /var/www/>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>
    

    Restart apache then create an htaccess file

    sudo systemctl restart apache2
    sudo vi /var/www/.htaccess
    

    Add the following and save

    Options -Indexes
    

    Now navigating to the root of your FOG server will give you permission denied

    56585ad2-f0bf-4e08-a8dc-4a7e17b848c3-image.png



  • @Sebastian-Roth

    This is actually a suggestion I had meant to bring up earlier. I briefly tested it but removed the config because I was unsure of compatibility but a redirect in the apache config to /fog might be worth while so a directory doesn’t need to be specified at all. Via either RedirectMatch or RewriteRule. I just don’t know what this will do to systems that have the client with /fog already hardcoded.


  • Developer

    @Tywyn Well it’s just one of those many things that need fixing but aren’t too pressing…


Log in to reply
 

310
Online

7.0k
Users

14.2k
Topics

134.3k
Posts