ramesh ramesh - 3 months ago 14
Python Question

Python Flask: how to prevent users from browsing the static directory

I followed a DigitalOcean tutorial to deploy my Flask application using the Apache server. Now the problem is that when a user visits mywebsite.com/static, all the files in the static directory are available to that user. How can I prevent users from browsing the static directory?

My Apache virtual host file looks like this:

    <VirtualHost *:80>
        ServerName mywebsite.com
        ServerAdmin admin@mywebsite.com
        WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
        <Directory /var/www/FlaskApp/FlaskApp/>
            Order allow,deny
            Allow from all
        </Directory>
        Alias /static /var/www/FlaskApp/FlaskApp/static
        <Directory /var/www/FlaskApp/FlaskApp/static/>
            Order allow,deny
            Allow from all
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

Answer

You can prevent generation of directory indexes with the Options -Indexes directive:

    <Directory /var/www/FlaskApp/FlaskApp/static/>
        Order allow,deny
        Allow from all
        Options -Indexes
    </Directory>

Alternatively, you can place this in an .htaccess file in the appropriate directory.
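To check a virtual host file for the gap described in the question, the following added example (not part of the original answer) flags every `Alias` target whose `<Directory>` block does not itself switch `Indexes` off. The function names and the `/media` entry are constructed for illustration. The check is a heuristic: it does not resolve options inherited from parent directories or set in .htaccess files, so a block with no explicit setting is reported.

```python
import re

# Constructed sample: the question's static block plus a hardened /media block.
SAMPLE_CONF = """
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
    Order allow,deny
    Allow from all
</Directory>
Alias /media /var/www/FlaskApp/FlaskApp/media
<Directory /var/www/FlaskApp/FlaskApp/media/>
    Options -Indexes
</Directory>
"""

DIRECTORY_RE = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.S | re.I)
ALIAS_RE = re.compile(r'^\s*Alias\s+(\S+)\s+"?([^"\s]+)"?', re.M | re.I)

def indexes_disabled(block_body):
    """True only if the block's own Options lines end with Indexes switched off."""
    disabled = False  # no explicit setting: inherited value unknown, assume listable
    for line in block_body.splitlines():
        words = line.split()
        if not words or words[0].lower() != "options":
            continue
        opts = [w.lower() for w in words[1:]]
        if "-indexes" in opts:
            disabled = True
        elif "+indexes" in opts:
            disabled = False
        elif not any(o[0] in "+-" for o in opts):
            # Absolute form replaces the option set instead of merging into it.
            disabled = "indexes" not in opts and "all" not in opts
    return disabled

def audit(conf_text):
    """Return [(url_prefix, fs_path)] for aliased directories that may be listed."""
    blocks = {p.rstrip("/"): body for p, body in DIRECTORY_RE.findall(conf_text)}
    findings = []
    for url, path in ALIAS_RE.findall(conf_text):
        body = blocks.get(path.rstrip("/"))
        if body is None or not indexes_disabled(body):
            findings.append((url, path))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```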
