add IndexForbiddenReturn404 to help silence scanners

author Eric Covener <covener@apache.org>

Thu, 21 Oct 2021 18:52:48 +0000 (18:52 +0000)

committer Eric Covener <covener@apache.org>

Thu, 21 Oct 2021 18:52:48 +0000 (18:52 +0000)
author Eric Covener <covener@apache.org>
Thu, 21 Oct 2021 18:52:48 +0000 (18:52 +0000)
committer Eric Covener <covener@apache.org>
Thu, 21 Oct 2021 18:52:48 +0000 (18:52 +0000)
diff --git a/changes-entries/IndexForbiddenReturn404.txt b/changes-entries/IndexForbiddenReturn404.txt

new file mode 100644 (file)

index 0000000..7f887e6
--- /dev/null
+++ b/changes-entries/IndexForbiddenReturn404.txt
@@ -0,0 +1,2 @@
+  *) mod_autoindex: Add "IndexForbiddenReturn404" to return 404 instead of a 
+     403 when Options does not included "indexes". [Eric Covener]
diff --git a/docs/manual/mod/mod_autoindex.xml b/docs/manual/mod/mod_autoindex.xml

index fb30f3c4db8d3075c8c5d611e34523dabf7b9593..a33639efdf24bdfabfe1f782e5643d9d1cc6624f 100644 (file)
--- a/docs/manual/mod/mod_autoindex.xml
+++ b/docs/manual/mod/mod_autoindex.xml
@@ -1124,4 +1124,22 @@ ReadmeName /include/FOOTER.html
  </usage>
  </directivesynopsis>
  
+<directivesynopsis>
+<name>IndexForbiddenReturn404</name>
+<description>Return an HTTP 404 error instead of Forbidden when options 
+don't permit directory listing</description>
+<syntax>IndexForbiddenReturn404 On|Off</syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>Indexes</override>
+<compatibility>Added in 2.5.1</compatibility>
+
+<usage>
+    <p>The <directive>IndexForbiddenReturn404</directive> directive controls whether 
+    this module returns an HTTP 404 status code instead of an HTTP 403 status code when the
+    <directive>Options</directive> does not allow indexes to be returned.  </p>
+</usage>
+</directivesynopsis>
+
  </modulesynopsis>
diff --git a/modules/generators/mod_autoindex.c b/modules/generators/mod_autoindex.c

index 84ec593b893d3dfab2faf7ec6c2eb7701f6fd1f4..f1c08b4b12c81025bb5dadee7d0c9d709b4a0798 100644 (file)
--- a/modules/generators/mod_autoindex.c
+++ b/modules/generators/mod_autoindex.c
@@ -133,6 +133,7 @@ typedef struct autoindex_config_struct {
      int desc_adjust;
      int icon_width;
      int icon_height;
+    int not_found;
      char default_keyid;
      char default_direction;
  
@@ -608,6 +609,11 @@ static const command_rec autoindex_cmds[] =
      AP_INIT_TAKE1("IndexHeadInsert", ap_set_string_slot,
                    (void *)APR_OFFSETOF(autoindex_config_rec, head_insert),
                    DIR_CMD_PERMS, "String to insert in HTML HEAD section"),
+    AP_INIT_FLAG("IndexForbiddenReturn404", ap_set_flag_slot,
+                 (void *)APR_OFFSETOF(autoindex_config_rec, not_found),
+                 DIR_CMD_PERMS,
+                 "Return 404 in place of 403 when Options doesn't allow indexes"),
+
      {NULL}
  };
  
@@ -2331,7 +2337,7 @@ static int handle_autoindex(request_rec *r)
                        "Options directive",
                         r->filename,
                         index_names ? index_names : "none");
-        return HTTP_FORBIDDEN;
+        return d->not_found ? HTTP_NOT_FOUND : HTTP_FORBIDDEN;
      }
  }
author	Eric Covener <covener@apache.org>
	Thu, 21 Oct 2021 18:52:48 +0000 (18:52 +0000)
committer	Eric Covener <covener@apache.org>
	Thu, 21 Oct 2021 18:52:48 +0000 (18:52 +0000)
changes-entries/IndexForbiddenReturn404.txt	[new file with mode: 0644]	patch \| blob
docs/manual/mod/mod_autoindex.xml		patch \| blob \| blame \| history
modules/generators/mod_autoindex.c		patch \| blob \| blame \| history