Showing posts with label Apache. Show all posts
Showing posts with label Apache. Show all posts

Thursday, November 21, 2013

Disable directory browsing in CentOs 6.4 apache/httpd

How to Disable directory browsing in apache httpd.conf ?


Answer: Actually you are totally right that you wish to disable this feature. One of the “must do’s” on setting a secure apache web server is to disable directory browsing. Usually apache comes with this feature enabled but its always a good idea to get it disabled unless you really need it.

First of all find where is the main apache’s config file httpd.conf is located. If you use Debian, it should be here: /etc/apache/httpd.conf. Using some file editor like Vim or Nano open this file and find the line that looks as follows:

Options Includes Indexes FollowSymLinks MultiViews

then remove word Indexes and save the file. The line should look like this one:

Options Includes FollowSymLinks MultiViews

for the subdomains:

To allow directory browsing for sub-domains and blocked in the main domain as become as follow.
Options Includes FollowSymLinks MultiViews
<VirtualHost *:80>
DocumentRoot "/var/www/downloads"
ServerName downloads.facebook.com
ErrorLog "logs/facebook"
CustomLog "logs/facebook_custom" common
<Directory "/var/www/downloads">
allow from all
Options +Indexes
</Directory>
</VirtualHost>

If no file from the DirectoryIndex directive can be located in the directory, then mod_autoindex can generate a listing of the directory contents. This is turned on and off using the Options directive. For example, to turn on directory listings for a particular directory, you can use:

<Directory /usr/local/apache2/htdocs/listme>
  Options +Indexes
</Directory>

To prevent directory listings (for security purposes, for example), you should remove the Indexes keyword from every Options directive in your configuration file. Or to prevent them only for a single directory, you can use:
<Directory /usr/local/apache2/htdocs/dontlistme>
  Options -Indexes
</Directory>