Access Keys:
Skip to content (Access Key - 0)

Why do I get "Forbidden" when trying to view a directory in my Athena locker over the web?

I had a directory which was publically readable on http://web.mit.edu/ or http://www.mit.edu/. When people visit the folder they get an error message instead of seeing an index list of the files.

Examples

The error for http://web.mit.edu/example/Public/ may say:

403 Forbidden

Forbidden

You don't have permission to access /example/Public/ on this server.

The error for http://www.mit.edu/~example/public/ may say:

MIT 403 Error - permission denied

permission denied

You do not have permission to access the requested url, or the server was unable to access the requested file.

Answer

In June 2015, there was a change with how the MIT web servers handle folders that have no index.html file. Be default, the MIT web server will no longer show an automatic index listing of your files. If you want the MIT web server to display a list of your files, you can turn on this option using a .htaccess.mit file with a special "Options line:

  1. create a file named .htaccess.mit in the folder that should be public.
  2. put a line into the .htaccess.mit file that says: 
    Options +Indexes
required AFS permission "system:anyuser read"
This feature still requires the directory to be readable by "system:anyuser". For more information, please see Who has permission to change files in a locker or website? and How do permissions work in AFS?

Step-by-step instructions for Athena

  1. Login to Athena
  2. At the prompt, navigate to the directory you want to change. For example, to change to your www directory: 
    cd ~/www
  3. Create a .htaccess.mit file if it doesn't already exist 
    touch .htaccess.mit
  4. add the line "Options +Indexes" 
     echo "Options +Indexes" >> .htaccess.mit
  5. Test your folder on the web to make sure the behavior is as you intend.

If you have any questions about how to make this change, please contact helpesk@mit.edu

Announcement regarding changes

Announcement email

Dear All,

On June 16, 2015, Information Systems & Technology (IS&T) will change
the default behavior of web.mit.edu by turning off the automatic
creation of a directory listing for websites.

Previously, if a website did not have an index page, web.mit.edu would
automatically generate a list of files and folders within the site that
a visitor would be able to browse.

Disabling this feature aligns with current security best practices to
protect data from accidental exposure.

This change will affect all sites hosted on web.mit.edu and in Athena
lockers; no effort is required from individual users.

If you have any questions please email helpdesk@mit.edu

IS&T Contributions

Documentation and information provided by IS&T staff members

Last Modified:

August 04, 2016

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
olc-afs olc-afs Delete
athena athena Delete
file file Delete
transfer transfer Delete
c-file-transfer c-file-transfer Delete
htaccess htaccess Delete
indexes indexes Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use
This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki