Apache Disable Directory Index
Enabling Apache Directory Index exposes a security vulnerability wherein accessing a URL lacking an index file reveals a directory listing of all files within. This presents a risk as it allows hackers to view the entire directory structure, compromising security. To prevent directory listings from being displayed, you can employ a couple of methods. One approach is to generate a file named either index.html or index.php, depending on the file name specified in the Apache DirectoryIndex directive, and leave it empty. Alternatively, you can disable directory indexing for the website within the Apache virtual host configuration. To do this, within the virtual host configuration file,
Options -Indexes
Here is an example apache configuration file
|
1 |
<VirtualHost *:80><br>ServerName fleetfoundation.com<br>ServerAlias www.fleetfoundation.com<br>ServerAdmin example@fleetfoundation.com<br>DocumentRoot /home/fleetfoundation.com/html<br>CustomLog ${APACHE_LOG_DIR}/fleetfoundation.com.log combined<br>ErrorLog ${APACHE_LOG_DIR}/fleetfoundation.com-error.log<br><Directory "/home/fleetfoundation.com/html"><br>Options All -Indexes<br>AllowOverride All<br>Require all granted<br>Order allow,deny<br>allow from all<br></Directory><br></VirtualHost><br> |
Method 2:
|
1 2 |
a2dismod autoindex -f systemctl restart apache2 |
https://fleetfoundation.com/2024/02/25/apache-disable-directory-index/
