Access directory outside /site/ and /wire/

[Karl_T]

My site is building for website together with testing purpose. Designers often use the directories to display jpg, pdf or files to let clients to download.

After I move my site to be backed by PW, the directory URL is no longer accessible directly. (e.g. accessing mysite.com/test/ will display 1.jpg 2.jpg as a list)

The structure is as the following.

mysite/wire/

mysite/site/

mysite/test/ <--

When I access mysite.com/test/, I receive 403 Forbidden. I can only access file individually like mysite.com/test/1.jpg which is not user friendly if there are a lot of files.

Is there any method to open up the access? After a brief search, I cannot find a solution for this.

I have read through .htaccess but no luck as I am not familiar with it  (tried adding like RewriteCond %{REQUEST_FILENAME} !(^|/)test/ [OR])

 

While I have heard that open up the directory access is not quite safe, any other best practice suggestion is appreciated! Thanks!

[flydev]

Hello,

A solution should be to bootstrap ProcessWire, coding a function which list the all the files in the current directory and subdirectories. Also, writing a custom function give you full control over the listed files, by example, filtering the files by a given allowed extension.

You can test the following:

In your /test directory, create a file called index.php. In the index.php write the following the code :

<?php
include("../index.php"); // bootstrap ProcessWire

function scanDirectories($dir, $allowext, $recurse = false) {
    $retval = array();
    // add trailing slash if missing
    if(substr($dir, -1) != "/") $dir .= "/";
    // open pointer to directory and read list of files
    $d = @dir($dir) or die("Error: Failed opening directory $dir for reading.");
    while(false !== ($entry = $d->read())) {
      // skip hidden files
      if($entry[0] == ".") continue;
      if(is_dir("$dir$entry")) {
          if($recurse && is_readable("$dir$entry/")) {
              $retval = array_merge($retval, scanDirectories("$dir$entry/", $allowext, true));
          }
      } elseif(is_readable("$dir$entry")) {
          $ext = substr($entry, strrpos($entry, '.') + 1);
          if(in_array($ext, $allowext)) {
              $retval[] = array(
                  "name" => "$dir$entry",
                  "type" => mime_content_type("$dir$entry"),
                  "size" => filesize("$dir$entry"),
                  "lastmod" => filemtime("$dir$entry")
              );
          }
      }
    }
    $d->close();

    return $retval;
}
?>


<!DOCTYPE html>
<html lang="en">
<head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
    <title>Files list</title>

    <style type="text/css">
        body {
            padding: 5%;
            max-width: 1260px;
            margin: 0 auto;
        }
        table {
            width: 100%;
            border-top: 1px solid #000000;
            padding: 0;
            margin: 0;
            vertical-align: middle;
        }
        th, td {
            text-align: center;
            border-bottom: 1px solid #000000;
            border-left: 1px solid #000000;
            padding: 0;
            margin: 0;
        }
        th:nth-last-child(1), td:nth-last-child(1) {
            border-right: 1px solid #000000;
        }
    </style>

</head>
<body>
<h1>Files list</h1>

<?php
$rootdir = './'; // root directory
$ext = ['jpg', 'png', 'pdf']; // allowed extensions
$dirlist = scanDirectories("./", $ext, true);

// output file list as HTML table
echo   "<table cellpadding='0' cellspacing='0'>\n"
     . "<thead>\n"
     . "<tr><th></th><th>Name</th><th>Type</th><th>Size</th><th>Last Modified</th></tr>\n"
     . "</thead>\n"
     . "<tbody>\n";
foreach($dirlist as $file) {
    echo  "<tr>\n"
        . "<td><img src='{$file['name']}' width='32'></td>\n"
        . "<td><a href='{$file['name']}'>". basename($file['name'])."</a></td>\n"
        . "<td>{$file['type']}</td>\n"
        . "<td>{$file['size']}</td>\n"
        . "<td>".date('r', $file['lastmod'])."</td>\n"
        . "</tr>\n";
}
echo "</tbody>\n";
echo "</table>\n\n";

?>

</body>
</html>

Copy/Upload now some images or files in /test and visit your site at http://mysite/test/ to see the result.

 

@Karl_T code updated.

Edited July 8, 2016 by flydev
Code updated

[flydev]

Your clients can now download/view the files in the directories.

 

 

ps: I can't edit my previous post ?

[Soma]

It's the 

Options -Indexes

In the .htaccess that prevents directory listing.

[Karl_T]

Thanks flydev and Soma for kind replies. 

flydev's solution can help listing the files but the subdirectories are not accessible, but I learn a new way to display files, thanks!

 

And then I tried Soma's suggestion and disabled 

Options -Indexes

It is working as before in my localhost. However, when I move it to the hosting, it gives 

Forbidden

You don't have permission to access /test/ on this server.

 

I have same setting for both and not logged in as admin. Any suggestion? Thanks a lot!

 

[Soma]

Then it seems your server doesn't allow Directory listings +Indexes. Nothing to do with PW.

[horst]

I think you need explicitly set: Options Indexes

to allow it, and not to disable it. But it also can be that on this (shared?) host, you have no rights to change this. Just try if it work or contact the hosting support if they can enable it.

[Karl_T]

Thanks a lot! It works now after setting Options Indexes ! I have to try hard to know more about htaccess.

[Doug G]

Assuming you're usine Apache, it's better to use Options +Indexes, without the + you may reset other apache directives that are currently in effect.  Take a look about 2/3 of the way down this page:  https://httpd.apache.org/docs/2.4/mod/core.html#options