One of the “must do’s” on setting a secure apache webserver environment is to disable directory listing. As a default Apache will be compiled with this option enabled, but its always a good idea to get rid of this setting unless its really necessary.
If you are on an RPM installation of Apache you will find the apache configuration file probably here:
If you are using apache from the source tar balls probably you will find the configuration file here:
Using an editor like vi , edit the httpd.conf file and scroll until you find a line like this:
Options All Indexes FollowSymLinks MultiViews
To disable directory browsing carefully add – the line that says: Indexes and leave the line like this:
Options All -Indexes FollowSymLinks MultiViews
Restart your Apache webserver and that’s it.
For more Web security please read the following posts Protecting Your Web Server and Protecting Your Web Server Using Mod Security