How to disable directory listing in APACHE

One of the “must do’s” on setting a secure apache webserver environment is to disable directory listing. As a default Apache will be compiled with this option enabled, but its always a good idea to get rid of this setting unless its really necessary.

If you are on an RPM installation of Apache you will find the apache configuration file probably here:

/etc/httpd/conf/httpd.conf

If you are using apache from the source tar balls probably you will find the configuration file here:

/usr/local/apache/conf/httpd.conf

Using an editor like vi , edit the httpd.conf file and scroll until you find a line like this:

Options All Indexes FollowSymLinks MultiViews

To disable directory browsing carefully add – the line that says: Indexes and leave the line like this:

Options All -Indexes FollowSymLinks MultiViews

Restart your Apache webserver and that’s it.

For more Web security please read the following posts Protecting Your Web Server and Protecting Your Web Server Using Mod Security

1 Comment

Leave a Reply

Your email address will not be published.


*


CommentLuv badge