So I heard from a few others after my recent blog post about my data server that they were not aware of the autoindex feature on Nginx (or any) web servers. So I thought I would give a little more info on that.
Description from Nginx
ngx_http_autoindex_module module processes requests ending with the slash character (‘/’) and produces a directory listing. Usually a request is passed to the ngx_http_autoindex_module module when the ngx_http_index_module module cannot find an index file.
Description In English
What this means is that if you include autoindex on in your Nginx vhost and also do not include an index file (index.html, index.php, etc), then Nginx will take it from there and output a basic listing of all the files in the directory.
Is that dangerous?
It can be, but it also has valid uses. For example, you may want to just list some simple files in a directory like I am. If this server ran PHP I would definitely not do this because clicking a link to a PHP file would then try and run that file if you did not have some precautions in place.
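The two vhosts below are an added example, not configuration from this post or from my server. They put a vhost-wide listing next to one that is limited to a single directory. The server names, paths and PHP-FPM socket are assumptions.

```nginx
# Added example: server names, paths and the PHP-FPM socket are assumptions.

# Weak: listing is on for the whole vhost and any .php link is executed.
server {
    listen 80;
    server_name weak.example.test;
    root /srv/www;
    autoindex on;                 # inherited by every location in this server

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}

# Corrected: listing only where files are meant to be browsed.
server {
    listen 80;
    server_name data.example.test;
    root /srv/www;
    index index.html;
    autoindex off;                # the default, stated explicitly

    # "^~" tells nginx not to check regex locations once this prefix matches,
    # so a request for /files/something.php never reaches the PHP location.
    location ^~ /files/ {
        autoindex on;
        # Files without a known MIME type (including .php) are sent as
        # downloads, so keep scripts and secrets out of this directory.
        default_type application/octet-stream;
        add_header X-Content-Type-Options nosniff;
    }

    location ~ \.php$ {
        try_files $uri =404;      # only pass scripts that exist on disk
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}
```

Run `nginx -t` after editing to validate the syntax before reloading.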
Who else does this?
A lot of people! In the right places it is very useful. If you use Linux you have probably seen it or seen a lot of links to sites that use it. For example when I was installing Ubuntu on my Citrix XenServer I pointed the install URL to http://archive.ubuntu.net/ubuntu/. Take a look at that page, it is an autoindex of the files served by Apache.