[Solved] Why I can see index of /apps/files/?

CrewDK · February 22, 2018, 6:59pm

Nextcloud version 13:
Operating system and version Ubuntu 16.04:
Apache or nginx version Apache 2.4.18:
PHP version 7.0.25:

The issue you are facing:
After fresh installing of nextcloud I suddenly found out that I can get access to /apps/files/ and /apps/ index pages.
Is it OK or i did something wrong?

Is this the first time you’ve seen this error? Y

Steps to replicate it:

Just delete index.php from url (http://next.mydomain.ru/index.php/apps/files/?dir=/&fileid=2 -> http://next.mydomain.ru/apps/files/?dir=/&fileid=2)

The output of your Nextcloud log in Admin > Logging:

There is nothing

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'passwordsalt' => '...',
  'secret' => '...',
  'trusted_domains' =>.
  array (
    0 => 'next.mydomain.ru',
  ),
  'datadirectory' => '/var/www/next.mydomain.ru/data',
  'overwrite.cli.url' => 'http://next.mydomain.ru',
  'dbtype' => 'mysql',
  'version' => '13.0.0.14',
  'dbname' => 'dbname',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'dbusername',
  'dbpassword' => 'dbpass',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.distributed' => '\\OC\\Memcache\\Memcached',
  'memcached_servers' =>.
  array (
    0 =>.
    array (
      0 => 'localhost',
      1 => 11211,
    ),
  ),
  'instanceid' => '...',
);

The output of your Apache/nginx/system log in /var/log/____:

Apache errorlog is empty

stratege1401 · February 22, 2018, 8:17pm

your apache config is wrong or your htaccess files need some tweak ( add line: Options -Indexes )

For Server wide config check your apache2.conf for directory access

something like

<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks  <--- deletes Indexes to deny ALL directories browsing abowe /var/www/
        AllowOverride None
        Require all granted
</Directory>

OR !!!

if you want to allow acces to some directory and deny some do for each directory:

Edit/Create an .htaccess file inside /directory_deny with this:

Options -Indexes

Options +Indexes <-- deny browsing
# or #
IndexIgnore * <-allow browsing, if  IndexIgnore *.zip *.txt the zip and txt will not be shown ... and if set as IndexOptions +FancyIndexing you will have more info like changes date ....

One directory after another …

Personaly, i deal on server wide config

CrewDK · February 22, 2018, 9:22pm

Thnx for answer. I found out what was my problem. I’m still not so “pro” with Linux so didn’t know that command cp -R doesn’t copy hidden files from source folder. So after copy unzipped folder I missed .htacces and some more files.