Directory index forbidden by Options directive
Either the main httpd.conf or the .htaccess file in this directory or a nearby parent directory probably includes:
Options -IndexesYour host may have to set it to +Indexes if you don't have access in .htaccess and want to list & browse the directory contents, absent a default index.html, index.php, etc. If the directory should not have a default file and you don't enable Indexes, you may only directly target the filenames of contents within it.
The Indexes option is commonly disabled by default on many Apache installations.
Full details are available in the Apache core documentation on Options
It means there's no default document in that directory (index.html, index.php, etc...). On most webservers, that would mean it would show a listing of the directory's contents. But showing that directory is forbidden by server configuration (Options -Indexes)
The Problem
Indexes visible in a web browser for directories that do not contain an index.html or index.php file.
I had a lot of trouble with the configuration on Scientific Linux's httpd web server to stop showing these indexes.
The Configuration that did not work
httpd.conf virtual host directory directives:
<Directory /home/mydomain.com/htdocs> Options FollowSymLinks AllowOverride all Require all granted</Directory>and the addition of the following line to .htaccess:
Options -IndexesDirectory indexes were still showing up. .htaccess settings weren't working!
How could that be, other settings in .htaccess were working, so why not this one? What's going? It should be working! %#$&^$%@# !!
The Fix
Change httpd.conf's Options line to:
Options +FollowSymLinksand restart the webserver.
From Apache's core mod page: ( https://httpd.apache.org/docs/2.4/mod/core.html#options )
Mixing Options with a + or - with those without is not valid syntax and will be rejected during server startup by the syntax check with an abort.
VoilĂ directory indexes were no longer showing up for directories that did not contain an index.html or index.php file.
Now What! A New Wrinkle
New entries started to show up in the 'error_log' when such a directory access was attempted:
[Fri Aug 19 02:57:39.922872 2016] [autoindex:error] [pid 12479] [client aaa.bbb.ccc.ddd:xxxxx] AH01276: Cannot serve directory /home/mydomain.com/htdocs/dir-without-index-file/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directiveThis entry is from the Apache module 'autoindex' with a LogLevel of 'error' as indicated by [autoindex:error] of the error message---the format is [module_name:loglevel].
To stop these new entries from being logged, the LogLevel needs to be changed to a higher level (e.g. 'crit') to log fewer---only more serious error messages.
Apache 2.4 LogLevels
See Apache 2.4's core directives for LogLevel.
emerg, alert, crit, error, warn, notice, info, debug, trace1, trace2, trace3, tracr4, trace5, trace6, trace7, trace8
Each level deeper into the list logs all the messages of any previous level(s).
Apache 2.4's default level is 'warn'. Therefore, all messages classified as emerg, alert, crit, error, and warn are written to error_log.
Additional Fix to Stop New error_log Entries
Added the following line inside the <Directory>..</Directory> section of httpd.conf:
LogLevel critThe Solution 1
My virtual host's httpd.conf <Directory>..</Directory> configuration:
<Directory /home/mydomain.com/htdocs> Options +FollowSymLinks AllowOverride all Require all granted LogLevel crit</Directory>and adding to /home/mydomain.com/htdocs/.htaccess, the root directory of your website's .htaccess file:
Options -IndexesIf you don't mind the 'error' level messages, omit
LogLevel critScientific Linux - Solution 2 - Disables mod_autoindex
No more autoindex'ing of directories inside your web space. No changes to .htaccess. But, need access to the httpd configuration files in /etc/httpd
Edit /etc/httpd/conf.modules.d/00-base.conf and comment the line:
LoadModule autoindex_module modules/mod_autoindex.soby adding a # in front of it then save the file.
In the directory /etc/httpd/conf.d rename (mv)
sudo mv autoindex.conf autoindex.conf.<something_else>Restart httpd:
sudo httpd -k restartor
sudo apachectl restart
The autoindex_mod is now disabled.
Linux distros with ap2dismod/ap2enmod Commands
Disable autoindex module enter the command
sudo a2dismod autoindexto enable autoindex module enter
sudo a2enmod autoindex