Index page of a website's directory
When an
HTTP
client (generally a
web browser
) requests a
URL
that points to a directory structure instead of an actual web page within the directory structure, the
web server
will generally serve a default page, which is often referred to as a main or "index" page.
A common filename for such a page is
index.
html
, but most modern HTTP servers offer a configurable list of filenames that the server can use as an index. If a server is configured to support
server-side scripting
, the list will usually include entries allowing dynamic content to be used as the index page (e.g.
index.
cgi
,
index.
pl
,
index.
php
,
index.
shtml
,
index.
jsp
,
default.
asp
) even though it may be more appropriate to still specify the HTML output (
index.html.php
or
index.html.aspx
), as this should not be taken for granted. An example is the popular
open source
web server
Apache
, where the list of filenames is controlled by the
DirectoryIndex
[1]
directive in the main server configuration file or in the
configuration file for that directory
. It is possible to not use file extensions at all, and be neutral to content delivery methods, and set the server to automatically pick the best file through
content negotiation
.
If the server is unable to find a file with any of the names listed in its configuration, it may either return an error (usually
403 Index Listing Forbidden
or
404 Not Found
) or generate its own
index page
listing the files in the directory. Usually this option, often named
autoindex
, is also configurable.
[2]
History
[
edit
]
A scheme where web server serves a default file on per-subdirectory basis has been supported as early as
NCSA HTTPd
0.3beta (22 April 1993),
[3]
which defaults to serve
index.html
file in the directory.
[3]
[4]
This scheme has been then adopted by
CERN HTTPd
since at least 2.17beta (5 April 1994), whose default supports
Welcome.html
and
welcome.html
in addition to the NCSA-originated
index.html
.
[5]
Later web servers typically support this default file scheme in one form or another; this is usually configurable, with
index.html
being one of the default file names.
[6]
[7]
[8]
Implementation
[
edit
]
In some cases, the
home page
of a website can be a menu of
language options
for large sites that use
geotargeting
. It is also possible to avoid this step, for example, by using
content negotiation
.
In cases where no known
index.*
file exists within a given directory, the web server may be configured to provide an automatically generated listing of the files within the directory instead. With the Apache web server, for example, this behavior is provided by the mod_autoindex module
[9]
and controlled by the
Options +Indexes
directive
[10]
in the web server
configuration files
. These automated
directory listings
are sometimes a security risk because they enumerate sensitive files which may not be intended for public access, in a process known as a directory indexing attack.
[11]
Such a security misconfiguration
[12]
may also assist in other attacks, such as a path or
directory traversal attack
.
[13]
Performances
[
edit
]
When accessing a directory, the various available index methods may also have a different impact on usage of OS resources (
RAM
,
CPU time
, etc.) and thus on web server performances.
Proceeding from
fastest
to
slowest
method, here is the list:
- using a static index file, e.g.:
index.html
, etc.;
- using a web server feature usually named
autoindex
(when no index file exists) to let web server autogenerate directory listing by using its internal module;
- using an interpreted file read by web server internal program interpreter, e.g.:
index.php
;
- using a CGI executable and compiled program, e.g.:
index.cgi
.
References
[
edit
]