Web server directory index

When an HTTP customer generally a web browser requests the URL that points to a directory format instead of an actual web page within the directory structure, the web server will loosely serve a default page, which is often transmitted to as a leading or "index" page.

A common filename for such(a) a page is index.html, but most modern HTTP servers ad a configurable list of filenames that the server can use as an index. if a server is configured to support server-side scripting, the list will ordinarily include entries allowing dynamic content to be used as the index page e.g. , , , , , even though it may be more appropriate to still specify the HTML output index.html.php or index.html.aspx, as this should not be taken for granted. An example is the popular open source web server Apache, where the list of filenames is controlled by the DirectoryIndex directive in the leading server grouping file or in the configuration dossier for that directory. this is the possible to not usage file extensions at all, in addition to be neutral to content delivery methods, & set the server to automatically alternative the best dossier through content negotiation.

If the server is unable to find a file with any of the names pointed in its configuration, it may either return an error usually 403 Index Listing Forbidden or 404 not Found or generate its own index page listing the files in the directory. Usually this option, often named autoindex, is also configurable.

Implementation

In some cases, the home page of a website can be a menu of language options for large sites that use geotargeting. it is also possible to avoid this step, for example, by using content negotiation.

In cases where no known index.* file exists within a given directory, the web server may be configured to dispense an automatically generated listing of the files within the directory instead. With the Apache web server, for example, this behavior is produced by the mod_autoindex an fundamental or characteristic part of something abstract. and controlled by the Options +Indexes directive in the web server configuration files. These automated directory listings are sometimes a security risk because they enumerate sensitive files which may not be intended for public access, in a process known as a directory indexing attack. such(a) a security misconfiguration may also guide in other attacks, such as a path or directory traversal attack.