Reputation: 23311
How to stop Apache from listing the contents of my user directories
I recently ran some penetration testing software on my web site and was surprised for it to report that one of my directory listings was publicly accessible.
It is the directory of the root user which is available.
Results in this page content:
Index of /~root
* Parent Directory
* cgi-bin/
Platform: I am creating PHP websites, with Symfony on Linux with Apache.
Is this something that I can configure through Apache?
Upvotes: 1
Views: 555
Answers (2)
Reputation: 5104
There is a command in Apache that will make it show indexes.
Options +Indexes
Remove this, restart. This will make that url show a 403 Forbidden.
Upvotes: 1
Reputation: 10864
You could create a .htaccess file in that directory, or have a <directory>...</directory> block in your Apache configuration that specifies:
Options -Indexes
See the Apache options directive documentation for more details.
Upvotes: 4
Related Questions
- Disable directory listing on apache; but access to individual files should be allowed
- How can I get apache to list a folders contents?
- Cannot disable Directory Listing in httpd.conf
- Ubuntu - Prevent Linux/Apache users from listing anything but their home directory with PHP
- Stop directory listing without .htaccess in a PHP website
- How do I disable listing of directories in Apache?
- How to prevent directory browsing?
- Apache2: Disable directory listing globally
- Configuring Apache to allow disallow directory list
- Hide directories from listing, but don't disable directory listings