Sometimes a problem persists long enough—is an irritant long enough—that I’ll burn an entire Sunday morning simply out of spite. Today’s irrational time-waste went to solving “Directory index forbidden by Options directive.”
[marmaduke ~] $ cat /var/log/httpd/error_log \
| grep '\[error\]' \
| head -1
[Sun Dec 06 09:25:05 2009] [error] [client 192.168.2.29]↩
Directory index forbidden by Options directive:↩
/var/www/documentation/public_html/
I have a development server that I use to offload work from my laptop.
[marmaduke ~] $ hostname
marmaduke
[marmaduke ~] $ cat /etc/redhat-release
CentOS release 5.4 (Final)
Among other things, marmaduke hosts scads of apache virtual hosts, including documentation. I’ve wanted to index the documentation directory for quite sometime but never could get apache configured to auto index.
Every configuration problem has already been solved by someone else. A quick search (apache+allow+directory+index) yielded surprisingly consistent instructions.
These instructions yielded consistent failure for me. I simply could not get auto indexing to work. Until now.
My apache installation is a basic yum install.
[marmaduke ~] $ yum list | grep httpd | grep installed
httpd.x86_64 2.2.3-31.el5.centos installed
httpd-devel.x86_64 2.2.3-31.el5.centos installed
httpd-manual.x86_64 2.2.3-31.el5.centos installed
I’ve extracted (below) a partial listing of relevant parts from the httpd.conf file.
I include configuration files from two directories: module configurations in /etc/httpd/conf.d/ and all virtual host configurations in /etc/httd/conf.d/hosts/.
For the most part, I leave httpd.conf untouched. Note that apache runs under the user and group named ‘apache’.
# /etc/httpd/conf/httpd.conf (partial listing)
Listen 80
Include conf.d/*.conf
Include conf.d/hosts/*.conf
User apache
Group apache
ServerName marmaduke:80
UseCanonicalName Off
DocumentRoot "/var/www/html"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
DirectoryIndex index.html index.html.var
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
NameVirtualHost *:80
Permissions are important.
I place my documentation directories in /var/www/documentation/public_html and the entire tree from /var/www/documentation downwards has the same user and group name. All directories have 755 permission and all non-directories have 644 permission.
[marmaduke ~] $ ll /var/www
drwxr-xr-x 3 kelly apache 4096 Dec 6 09:23 documentation
[marmaduke ~] $ ll /var/www/documentation
drwxr-xr-x 7 kelly apache 4096 Dec 6 11:51 public_html
[marmaduke ~] $ ll /var/www/documentation/public_html
-rw-r--r-- 1 kelly apache 5174 Dec 6 09:33 favicon.ico
drwxr-xr-x 2 kelly apache 4096 Dec 6 09:21 icecast-2.3.2
drwxr-xr-x 3 kelly apache 4096 Dec 6 12:00 mysql-5.0
drwxr-xr-x 4 kelly apache 4096 Dec 6 11:50 mysql-5.1
drwxr-xr-x 3 kelly apache 4096 Dec 6 11:51 mysql-5.4
drwxr-xr-x 3 kelly apache 4096 Dec 6 11:51 mysql-5.5
[marmaduke ~] $ ll /var/www/documentation/public_html/mysql-5.0
drwxr-xr-x 3 kelly apache 4096 Dec 6 10:05 en
My virtual host enables indexing through the Directory directive. So far, this is consistent with most of the instructions found through web search. Yet, auto indexing still didn’t work for me.
# /etc/httpd/conf.d/hosts/documentation.conf
<VirtualHost *:80>
DocumentRoot /var/www/documentation/public_html
ServerName documentation.site
Options Indexes FollowSymLinks
<Directory "/var/www/documentation/public_html">
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
RewriteEngine on
RewriteLogLevel 1
</VirtualHost>
It turns out that there is a nastly little surprise in one of the configuration files that comes standard with the centos yum install.
Inside LocationMatch, there the Options directive turns off Indexes. From the apache documentation, “Regardless of any access restrictions placed in <Directory> sections, the <Location> section will be evaluated last…”
# /etc/httpd/conf.d/welcome.conf
<LocationMatch "^/+$">
# this is the culprit!
Options -Indexes
ErrorDocument 403 /error/noindex.html
</LocationMatch>
Since LocationMatch
is evaluated last, the -Indexes
parameter disables options set in any Directory
directive. Either changing the parameter -Indexes
to Indexes
or deleting the welcome.conf file will allow auto indexing (assuming the other configurations are correct).