{{short description|Index page of a website's directory}} [[File:Www.wikipedia.org screenshot 2018.png|thumb|[http://www.wikipedia.org www.wikipedia.org], the index of Wikipedia, a multilingual online encyclopedia. Here the website's home page offers many different languages.]]
When an HTTP client (generally a web browser) requests a URL that points to a directory structure instead of an actual web page within the directory structure, the web server will generally serve a default page, which is often referred to as a main or "index" page.
A common filename for such a page is <code>'''index.html'''</code>, but most modern HTTP servers offer a configurable list of filenames that the server can use as an index. If a server is configured to support server-side scripting, the list will usually include entries allowing dynamic content to be used as the index page (e.g. <code>index.cgi</code>, <code>index.pl</code>, <code>index.php</code>, <code>index.shtml</code>, <code>index.jsp</code>, <code>default.asp</code>) even though it may be more appropriate to still specify the HTML output (<code>index.html.php</code> or <code>index.html.aspx</code>), as this should not be taken for granted. An example is the popular open source web server Apache, where the list of filenames is controlled by the <syntaxhighlight lang="Apache" inline>DirectoryIndex</syntaxhighlight><ref>{{cite web|url=http://httpd.apache.org/docs/2.0/mod/mod_dir.html#directoryindex |title=mod_dir - Apache HTTP Server |publisher=httpd.apache.org |access-date=2014-05-30}}</ref> directive in the main server configuration file or in the configuration file for that directory. It is possible to not use file extensions at all, and be neutral to content delivery methods, and set the server to automatically pick the best file through content negotiation.
If the server is unable to find a file with any of the names listed in its configuration, it may either return an error (usually 403 Index Listing Forbidden or 404 Not Found) or generate its own index page listing the files in the directory. Usually this option, often named <code>autoindex</code>, is also configurable.<ref name="ws-directory-listings">{{Cite web|url=https://cwiki.apache.org/confluence/display/HTTPD/DirectoryListings|title=Directory listings|author=ASF Infrabot|publisher=Apache foundation: HTTPd server project|date=2019-05-22|access-date=2021-11-16|language=en}}</ref>
==History==
A scheme where web server serves a default file on per-subdirectory basis has been supported as early as NCSA HTTPd 0.3beta (22 April 1993),<ref name="ncsahttpd0.3beta">{{Cite web|url=http://1997.webhistory.org/www.lists/www-talk.1993q2/0135.html|title=WWW-Talk Apr-Jun 1993: NCSA httpd version 0.3|website=1997.webhistory.org}}</ref> which defaults to serve <code>index.html</code> file in the directory.<ref name="ncsahttpd0.3beta"/><ref>{{Cite web|url=http://hoohoo.ncsa.uiuc.edu/docs/setup/srm/DirectoryIndex.html|archive-url=https://web.archive.org/web/20090131074833/http://hoohoo.ncsa.uiuc.edu/docs/setup/srm/DirectoryIndex.html|url-status=dead|archive-date=January 31, 2009|title=NCSA HTTPd DirectoryIndex|date=January 31, 2009}}</ref> This scheme has been then adopted by CERN HTTPd since at least 2.17beta (5 April 1994), whose default supports <code>Welcome.html</code> and <code>welcome.html</code> in addition to the NCSA-originated <code>index.html</code>.<ref>{{Cite web|url=http://www.w3.org/pub/WWW/Daemon/Features.html|archive-url=https://web.archive.org/web/19970605110106/http://www.w3.org/pub/WWW/Daemon/Features.html|url-status=dead|archive-date=June 5, 1997|title=Change History of W3C httpd|date=June 5, 1997}}</ref>
Later web servers typically support this default file scheme in one form or another; this is usually configurable, with <code>index.html</code> being one of the default file names.<ref>{{Cite web|last=|first=|date=|title=mod_dir - Apache HTTP Server Version 2.4 § DirectoryIndex Directive|url=https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex|url-status=live|archive-url=https://web.archive.org/web/20201112002816/https://httpd.apache.org/docs/2.4/mod/mod_dir.html|archive-date=2020-11-12|access-date=2021-01-13|website=httpd.apache.org}}</ref><ref>{{Cite web|last=|first=|date=|title=NGINX Docs {{!}} Serving Static Content|url=https://docs.nginx.com/nginx/admin-guide/web-server/serving-static-content/|url-status=live|archive-url=https://web.archive.org/web/20201111202956/https://docs.nginx.com/nginx/admin-guide/web-server/serving-static-content/|archive-date=2020-11-11|access-date=2021-01-13|website=docs.nginx.com}}</ref><ref>{{Cite web|last=|first=|date=|title=Default Document <defaultDocument> {{!}} Microsoft Docs|url=https://docs.microsoft.com/en-us/iis/configuration/system.webserver/defaultdocument/|url-status=live|archive-url=https://web.archive.org/web/20201208215905/https://docs.microsoft.com/en-us/iis/configuration/system.webserver/defaultdocument/|archive-date=2020-12-08|access-date=2021-01-13|website=docs.microsoft.com}}</ref>
{{anchor|Entrance}} <!-- preserve anchors to old section title -->
==Implementation== [[File:Web server directory list.png|thumb|An Apache '''index page'''.]]
In some cases, the home page of a website can be a menu of language options for large sites that use geotargeting. It is also possible to avoid this step, for example, by using content negotiation.
In cases where no known <code>index.*</code> file exists within a given directory, the web server may be configured to provide an automatically generated listing of the files within the directory instead. With the Apache web server, for example, this behavior is provided by the mod_autoindex module<ref>{{Cite web|last=|first=|date=|title=mod_autoindex - Apache HTTP Server Version 2.4|url=https://httpd.apache.org/docs/2.4/mod/mod_autoindex.html|archive-url=|archive-date=|access-date=2021-01-13|website=httpd.apache.org}}</ref> and controlled by the <code>Options +Indexes</code> directive<ref>{{Cite web|last=|first=|date=|title=core - Apache HTTP Server Version 2.4 § Options Directive|url=https://httpd.apache.org/docs/2.4/mod/core.html#options|archive-url=|archive-date=|access-date=2021-01-13|website=httpd.apache.org}}</ref> in the web server configuration files. These automated ''directory listings'' are sometimes a security risk because they enumerate sensitive files which may not be intended for public access, in a process known as a directory indexing attack.<ref name="IBM 2021">{{cite web | title=IBM Docs | website=IBM | date=2021-03-08 | url=https://www.ibm.com/docs/en/snips/4.6.0?topic=categories-directory-indexing-attacks | access-date=2021-05-07}}</ref> Such a security misconfiguration<ref name="OWASP">{{cite web | title=A6:2017-Security Misconfiguration | website=OWASP | url=https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html | access-date=2021-05-07}}</ref> may also assist in other attacks, such as a path or directory traversal attack.<ref name="OWASP2">{{cite web | title=Path Traversal | website=OWASP | url=https://owasp.org/www-community/attacks/Path_Traversal | access-date=2021-05-07}}</ref>
==Performances== When accessing a directory, the various available index methods may also have a different impact on usage of OS resources (RAM, CPU time, etc.) and thus on web server performances.
Proceeding from ''fastest'' to ''slowest'' method, here is the list: * using a static index file, e.g.: <code>index.html</code>, etc.; * using a web server feature usually named ''autoindex'' (when no index file exists) to let web server autogenerate directory listing by using its internal module; * using an interpreted file read by web server internal program interpreter, e.g.: <code>index.php</code>; * using a CGI executable and compiled program, e.g.: <code>index.cgi</code>.
==References== {{reflist}}
Category:Web navigation