autoindex
The 'autoindex' directive enables or disables directory indexing in NGINX.
Description
The 'autoindex' directive allows NGINX to generate and display a listing of files in a directory when there is no index file present. When enabled, if a user requests a directory without an index file (like index.html or index.htm), NGINX will return a sortable list of the files contained in that directory.
This directive can be set in the http, server, and location contexts. Setting 'autoindex on' exposes the contents of a directory to anyone who can request it, which may be useful for debugging but is a security risk if sensitive files are inadvertently exposed. The output can be customized through related directives such as 'autoindex_format' for different output formats (like a compact or full listing).
It's important to configure directory permissions appropriately to avoid unauthorized access. When 'autoindex' is used in conjunction with access control directives like 'allow' and 'deny', NGINX applies the access rules first to decide whether the request is granted or denied, and only then processes the index.
Config Example
location /files {
    autoindex on;
}
Enabling 'autoindex' may expose sensitive files to users if directory permissions are not properly set.
Directory listing might reveal the structure of your application, which can be a security concern in production environments.
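The following audit script is an added example, not part of the NGINX documentation or source. It resolves the effective 'autoindex' value across the http, server, and location contexts and reports each location where listing is on, noting whether any 'allow' or 'deny' rule applies. The sample configuration, the function names, and the simplified parser (no quoted strings or includes) are assumptions made for illustration.

```python
import re
# Constructed sample config for this example (not from the original page).
SAMPLE_CONF = """
http {
    autoindex on;                      # inherited by the locations below
    server {
        location /files { }            # listing open to any client
        location /debug { allow 192.0.2.0/24; deny all; }
        location /app   { autoindex off; }
    }
}
"""
TOKEN = re.compile(r"#[^\n]*|[{};]|[^\s{};#]+")

def parse(conf):
    """Parse nginx-style text into nested blocks (quoted strings not handled)."""
    root = {"name": "main", "directives": [], "children": []}
    stack, words = [root], []
    for tok in TOKEN.findall(conf):
        if tok.startswith("#"):
            continue                   # skip comments
        if tok == "{":                 # words collected so far name the block
            block = {"name": " ".join(words), "directives": [], "children": []}
            stack[-1]["children"].append(block)
            stack.append(block)
            words = []
        elif tok == ";":               # end of a simple directive
            if words:
                stack[-1]["directives"].append(words)
            words = []
        elif tok == "}":
            stack.pop()
        else:
            words.append(tok)
    return root

def audit_autoindex(block, listing=False, acl=False, out=None):
    """List locations where autoindex is effectively on, with allow/deny status."""
    out = [] if out is None else out
    for d in block["directives"]:
        if d[0] == "autoindex" and len(d) == 2:
            listing = d[1] == "on"     # nearest setting wins over inherited one
        elif d[0] in ("allow", "deny"):
            acl = True                 # presence only; rule semantics not evaluated
    if block["name"].startswith("location") and listing:
        out.append((block["name"], "restricted" if acl else "open"))
    for child in block["children"]:
        audit_autoindex(child, listing, acl, out)
    return out
```

Calling audit_autoindex(parse(text)) on a configuration's text returns (location, status) pairs; entries marked "open" are the ones to review first.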