Join Log in
Score:0
tgflash avatar Server

Apache Indexes Option works for HTTP but not for HTTPS

lk flag
tgflash

I am testing with a vanilla install of Rocky Linux 8.4 and Apache 2.4. I have a virtual host configured and working and I also configured Lets Encrypt cert via Certbot, this also works great.

I want to allow directory listings on a specific folder so have enabled Options Indexes, this works as expected via HTTP but via HTTPS I get 403 Forbidden. The Certbot script inserted the rewrite rule but I don't think that is the issue, I tried disabling that so I could test via HTTP and makes no difference but including it here in case it is infact relevant.

My virtual host conf looks like this:

<VirtualHost *:80>
    ServerName test.prot0type.com
    ServerAlias test.prot0type.com
    DocumentRoot /var/www/test.prot0type.com

    <Directory /var/www/test.prot0type.com/test>
        Options +Indexes
    </Directory>

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =test.prot0type.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    ServerName test.prot0type.com
    ServerAlias test.prot0type.com
    DocumentRoot /var/www/test.prot0type.com

    <Directory /var/www/test.prot0type.com/test>
        Options +Indexes
    </Directory>

</VirtualHost>

Accessing http://test.prot0type.com/test/ works as expected.

Accessing https://test.prot0type.com/test/ results in 403 and in the error log I get:

Cannot serve directory /var/www/test.prot0type.com/test/: No matching DirectoryIndex (index.html) found, and server-generated directory index forbidden by Options directive

How do I find which Options directive is doing this? I have searched all the conf files but can't find it.

98
0 + 6
digijay avatar
mx flag
digijay
You don't seem to have a VirtualHost config for port 443, so you get a 403 if you are trying to connect to that port.
0
Reply
tgflash avatar
lk flag
tgflash
But it does server files over HTTPS for this virtual host. The only issue is that the +Indexes config only works for HTTP. I did try duplicating the virtual host config and changing the port to 443 but that doesn't work either. I think it must be that something is overriding the setting elsewhere in the config but I have searched all the files and can't find it. Is there a way to diagnose where a directive originates from?
0
Reply
tgflash avatar
lk flag
tgflash
Edited the original question to clarify how I have tested.
0
Reply
Michael Hampton avatar
cz flag
Michael Hampton
Please show the complete `<VirtualHost>` blocks.
1
Reply
digijay avatar
mx flag
digijay
The 443 config lacks the whole TLS/SSL Configuration (`SSLEngine On` etc.)
0
Reply
tgflash avatar
lk flag
tgflash
Ah! Thanks for the hints, I have now solved it. When checking the conf files I missed that the certbot script creates a separate ssl.conf for each virtual host and that was where the extra Options directive was. So in my example this file is called test.prot0type.com-le-ssl.conf So the solution was to edit the Virtual Host block in that file which is for the port 443 case so now directory listing works for both HHTP and HTTPS. Thanks to those that pointed me in the right direction!
1
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.