turinglenditwwe Posted 7 hours ago Posted 7 hours ago (edited) Hi there! I am setting up somee WKD on my domain. I've got the following file structure /httpdocs/.well-known/openpgpkey/hu/ There are two keys inside /hu with their respective hashes as names, that's all okay. But, the validators I've tried are complaining about: Quote Directory Index - Listing is enabled The openpgpkey/hu directory must not be accessible. Ensure no index file is present and directory listing is disabled at: https://turinglen.site/.well-known/openpgpkey/hu/ So I've tried setting up a few htaccess, but haven't been able to get rid of that one. The email is turin@ my site. https://turinglen.site/ Here's the .htaccess files: root # BEGIN LSCACHE # END LSCACHE # BEGIN NON_LSCACHE # END NON_LSCACHE <IfModule mod_rewrite.c> RewriteEngine On # Block directory browsing in .well-known paths RewriteCond %{REQUEST_URI} ^/\.well-known(/openpgpkey(/hu)?)?/?$ RewriteRule ^ - [F,L] # Allow .well-known files to bypass WordPress RewriteRule ^\.well-known/.+ - [L] </IfModule> # BEGIN WordPress # The directives (lines) between "BEGIN WordPress" and "END WordPress" are # dynamically generated, and should only be modified via WordPress filters. # Any changes to the directives between these markers will be overwritten. <IfModule mod_rewrite.c> RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress /.well-known has no .htaccess /.well-known/openpgpgkey has this: Options -Indexes # Deny all files by default <FilesMatch ".*"> Require all denied </FilesMatch> # Only allow the policy file <Files "policy"> Require all granted <IfModule mod_headers.c> Header set Access-Control-Allow-Origin "*" </IfModule> </Files> and finally /.well-known/openpgpkey/hu has this: Options -Indexes -MultiViews DirectorySlash Off # Deny all by default Require all denied # Only allow 32-character hash files <FilesMatch "^[a-z0-9]{32}$"> Require all granted <IfModule mod_headers.c> Header always set Access-Control-Allow-Origin "*" Header always set Content-Type "application/octet-stream" </IfModule> </FilesMatch> The two validators I tested that are throwing the error are: https://www.webkeydirectory.com/ and https://wkd.dp42.dev/. GPG succesfully locates the key on request (testing locally). I'm not sure what's up anymore with that error and what else I can do here (if anything). Appreciate any help with the .htaccess, I'm not fully sure what I'm doing there Edited 7 hours ago by turinglenditwwe Quote
wolstech Posted 43 minutes ago Posted 43 minutes ago The supported way to turn off directory listings on our service is to put an empty index.html file in the folder to hide the listing. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.