Apache disable directory index

Written by

Yujin Boby

in

When Apache Directory Index is enabled, if you browse to a url that have no index file present, you will see list of all files. This is not good for securiy as hackers can see all files present in the directory.

apache directory index

One way to disable this directory listing is create a file with name index.html or index.php (whatever file name that is specified in Apache DirectoryIndex) with no content.

Another solution is to disable directory indexing for the web site in Apache virtual host configuration, for this, under Options -Indexes

Here is an example apache configuration file


    ServerName serverok.in
    ServerAlias www.serverok.in
    ServerAdmin [email protected]
    DocumentRoot /home/serverok.in/html
    CustomLog ${APACHE_LOG_DIR}/serverok.in.log combined
    ErrorLog ${APACHE_LOG_DIR}/serverok.in-error.log
    
        Options All -Indexes
        AllowOverride All
        Require all granted
        Order allow,deny
        allow from all

Method 2: disable autoindex module

Directory listing is generated by apache module mod_autoindex.

You can disable this module to disable directory listing generation

On Ubuntu/Debian

a2dismod autoindex -f
systemctl restart apache2

See Apache

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts