From: Eric Covener <covener@apache.org>
Date: Thu, 21 Oct 2021 18:52:48 +0000 (+0000)
Subject: add IndexForbiddenReturn404 to help silence scanners
X-Git-Tag: 2.5.0-alpha2-ci-test-only~726
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9c14928e7961060376cefbdd2274ab3c3facecd0;p=thirdparty%2Fapache%2Fhttpd.git

add IndexForbiddenReturn404 to help silence scanners


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894455 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/changes-entries/IndexForbiddenReturn404.txt b/changes-entries/IndexForbiddenReturn404.txt
new file mode 100644
index 00000000000..7f887e63bf5
--- /dev/null
+++ b/changes-entries/IndexForbiddenReturn404.txt
@@ -0,0 +1,2 @@
+  *) mod_autoindex: Add "IndexForbiddenReturn404" to return 404 instead of a 
+     403 when Options does not included "indexes". [Eric Covener]
diff --git a/docs/manual/mod/mod_autoindex.xml b/docs/manual/mod/mod_autoindex.xml
index fb30f3c4db8..a33639efdf2 100644
--- a/docs/manual/mod/mod_autoindex.xml
+++ b/docs/manual/mod/mod_autoindex.xml
@@ -1124,4 +1124,22 @@ ReadmeName /include/FOOTER.html
 </usage>
 </directivesynopsis>
 
+<directivesynopsis>
+<name>IndexForbiddenReturn404</name>
+<description>Return an HTTP 404 error instead of Forbidden when options 
+don't permit directory listing</description>
+<syntax>IndexForbiddenReturn404 On|Off</syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>Indexes</override>
+<compatibility>Added in 2.5.1</compatibility>
+
+<usage>
+    <p>The <directive>IndexForbiddenReturn404</directive> directive controls whether 
+    this module returns an HTTP 404 status code instead of an HTTP 403 status code when the
+    <directive>Options</directive> does not allow indexes to be returned.  </p>
+</usage>
+</directivesynopsis>
+
 </modulesynopsis>
diff --git a/modules/generators/mod_autoindex.c b/modules/generators/mod_autoindex.c
index 84ec593b893..f1c08b4b12c 100644
--- a/modules/generators/mod_autoindex.c
+++ b/modules/generators/mod_autoindex.c
@@ -133,6 +133,7 @@ typedef struct autoindex_config_struct {
     int desc_adjust;
     int icon_width;
     int icon_height;
+    int not_found;
     char default_keyid;
     char default_direction;
 
@@ -608,6 +609,11 @@ static const command_rec autoindex_cmds[] =
     AP_INIT_TAKE1("IndexHeadInsert", ap_set_string_slot,
                   (void *)APR_OFFSETOF(autoindex_config_rec, head_insert),
                   DIR_CMD_PERMS, "String to insert in HTML HEAD section"),
+    AP_INIT_FLAG("IndexForbiddenReturn404", ap_set_flag_slot,
+                 (void *)APR_OFFSETOF(autoindex_config_rec, not_found),
+                 DIR_CMD_PERMS,
+                 "Return 404 in place of 403 when Options doesn't allow indexes"),
+
     {NULL}
 };
 
@@ -2331,7 +2337,7 @@ static int handle_autoindex(request_rec *r)
                       "Options directive",
                        r->filename,
                        index_names ? index_names : "none");
-        return HTTP_FORBIDDEN;
+        return d->not_found ? HTTP_NOT_FOUND : HTTP_FORBIDDEN;
     }
 }