3

So I have a hypothetical folder on my website protected by Deny from all on my .htaccess file. I have coded an exception as below:

<files index.html>
order allow,deny
Allow from all
</files>

If a user types www.example.com/path/index.html they are able to see the webpage just fine. However, if they go by the more "user-friendly" approach and type www.example.com/path they are given a 403 Forbidden error. Since both paths are accessing the same file, I fail to see how one would work and another would not. There are no other index files in the directory that could potentially be interfering with index.html. Is there a way to configure .htaccess in a way that allows this second path? Any solution is acceptable, including ones outside the realm of .htaccess; yes I have PHP, no I do not have AJAX.

MrWhite
hjk321

2 Answers

1

When you specify just the bare directory, mod_dir issues an internal subrequest for the DirectoryIndex (which I assume is configured to serve index.html in your case). "The problem" is that the <Files> directive is first processed before the subrequest occurs. But before this subrequest occurs the filename that the <Files> directive matches against has not yet been resolved; it is empty! So, we need to match against an empty filename.

However, once the subrequest for index.html (the DirectoryIndex) has occurred then the <Files> container is reprocessed (in a .htaccess context), but this time the filename has resolved to index.html. So, we need to match against index.html as well!

This can be accounted for by either having two <Files> containers. For example:

<Files "">
Order allow,deny
Allow from all
</Files>

<Files "index.html">
Order allow,deny
Allow from all
</Files>

Or (preferably) combining these into a single <FilesMatch> container (that accepts a regex as the argument). For example:

<FilesMatch "^(index\.html)?$">
Order allow,deny
Allow from all
</FilesMatch>

By making the filename optional (trailing ?) this effectively matches both passes: an empty filename and index.html.

Note that if both the URLs / and /index.html are available and serve the same content then you should canonicalise the URL in some way to avoid potential duplicate content issues. (Preferably a redirect from /index.html to /.)


...and type www.example.com/path

Just to clarify, if the user types www.example.com/path, where path is a filesystem directory and a trailing slash is omitted from the URL, then mod_dir will (by default) issue an external 301 redirect to www.example.com/path/ (with a trailing slash) in order to "fix" the URL. So the URL we are dealing with is really www.example.com/path/.

MrWhite
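The two matching passes described in the answer above, modelled as an added Python example (not part of the original answer, and not Apache's own code). It assumes DirectoryIndex is index.html, treats each <Files> name as an anchored regex, and adds a hypothetical unanchored pattern to show why the ^...$ anchors keep the exception from exposing other files in the denied directory.

```python
import re

# Constructed model: inside a "Deny from all" directory a request is served
# only if every pass Apache evaluates matches an allow container.
ORIGINAL = [r"^index\.html$"]          # <Files index.html> from the question
TWO_FILES = [r"^$", r"^index\.html$"]  # <Files ""> plus <Files "index.html">
COMBINED = [r"^(index\.html)?$"]       # <FilesMatch "^(index\.html)?$">
UNANCHORED = [r"index\.html"]          # hypothetical loose pattern, for contrast

DIRECTORY_INDEX = "index.html"         # assumed DirectoryIndex value


def passes_for(url_path):
    """Filenames matched against on each pass, as the answer describes."""
    basename = url_path.rsplit("/", 1)[-1]
    if basename == "":
        # Bare directory: the first pass sees an empty filename, then the
        # mod_dir subrequest is evaluated with the DirectoryIndex name.
        return ["", DIRECTORY_INDEX]
    return [basename]


def allowed(patterns, filename):
    """True if any allow container's pattern matches the filename."""
    return any(re.search(p, filename) for p in patterns)


def status(patterns, url_path):
    """200 if every pass hits an allow container, otherwise 403."""
    ok = all(allowed(patterns, name) for name in passes_for(url_path))
    return 200 if ok else 403


if __name__ == "__main__":
    urls = ["/path/", "/path/index.html", "/path/index.html.bak"]
    configs = {"original": ORIGINAL, "two <Files>": TWO_FILES,
               "combined": COMBINED, "unanchored": UNANCHORED}
    for label, patterns in configs.items():
        print(label, {u: status(patterns, u) for u in urls})
```
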
0

https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex

"The DirectoryIndex directive sets the list of resources to look for, when the client requests an index of the directory by specifying a / at the end of the directory name..."

# Example A: Set index.html as an index page, then add index.php to that list as well.
<Directory "/foo">
    DirectoryIndex index.html
    DirectoryIndex index.php
</Directory>

# Example B: This is identical to example A, except it's done with a single directive.
<Directory "/foo">
    DirectoryIndex index.html index.php
</Directory>

# Example C: To replace the list, you must explicitly reset it first:
# In this example, only index.php will remain as an index resource.
<Directory "/foo">
    DirectoryIndex index.html
    DirectoryIndex disabled
    DirectoryIndex index.php
</Directory>
Daniel Widrick
  • 1
    This still doesn't change the fact that the directory is denied from all by default, and the user cannot access index.html in the first place. I sincerely appreciate the help, but you might have to read the question a little more closely. – hjk321 May 28 '18 at 12:55
  • @hjk321 This answer is not an unreasonable suggestion. If the `DirectoryIndex` was not set, or set incorrectly, then you would also get a 403 Forbidden response - which is exactly what you are seeing. However, even if the `DirectoryIndex` is correctly set (which it probably is, unless you have explicitly overridden this), the single `<Files>` container in your question will still result in a 403 Forbidden. See my answer for how to fix this. – MrWhite May 29 '18 at 00:35