Skip to main content

Server Security - Disable Directory Listing

Directory Listing

Directory Listing is by default enabled in an apache server. This happens when there is no index.html file (default) available in the directory.

If there is no index file available in the directory then doesn’t understand which file to display so it displays all the files and folders in the directory.

Please see the below screenshot

The above image index file is the default file that is under the website folder. So when I will access my localhost with the following address – localhost/website1 or 192.168.1.2/website1 then it shows the following page.

It is actually showing the website because Apache knows exactly which file to display i.e. index.html

But in case I have renamed the index.html file to index1.html then let’s see what happens. So this time when I access my website1 folder again then it will show all the files and folders inside the website1 folder.

Files & Folders List

Prevention

In order to prevent this, you need to disable directory listing in httpd.conf file. Open httpd.conf file and locate <Directory “var/www/html”>

It will look like this

<Directory "R:/bitnami/apache2/htdocs">    #    # Possible values for the Options directive are "None", "All",    # or any combination of:    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews    #    # Note that "MultiViews" must be named *explicitly* --- "Options All"    # doesn't give it to you.    #    # The Options directive is both complicated and important.  Please see    # http://httpd.apache.org/docs/2.4/mod/core.html#options    # for more information.    #    Options Indexes FollowSymLinks    #    # AllowOverride controls what directives may be placed in .htaccess files.    # It can be "All", "None", or any combination of the keywords:    #   AllowOverride FileInfo AuthConfig Limit    #    #AllowOverride None    #    # Controls who can get stuff from this server.    #    Require all granted</Directory>

To disable the Directory listing add “-” sign
Options Indexes FollowSymLinks

Result:
Options -Indexes -FollowSymLinks

<Directory "R:/bitnami/apache2/htdocs">    #    # Possible values for the Options directive are "None", "All",    # or any combination of:    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews    #    # Note that "MultiViews" must be named *explicitly* --- "Options All"    # doesn't give it to you.    #    # The Options directive is both complicated and important.  Please see    # http://httpd.apache.org/docs/2.4/mod/core.html#options    # for more information.    #    Options -Indexes -FollowSymLinks    #    # AllowOverride controls what directives may be placed in .htaccess files.    # It can be "All", "None", or any combination of the keywords:    #   AllowOverride FileInfo AuthConfig Limit    #    #AllowOverride None    #    # Controls who can get stuff from this server.    #    Require all granted</Directory>

Now save the file and restart the server and try to access the folder. This time you will get forbidden message with 403 that means access is denied to see this directory

Forbidden 403 Error Code

Suggested Read: Server Security – Apache Web Server Hardening

Labels:

Comments

Post a Comment

Popular posts from this blog

3D ANALYZER SETTINGS

Settings for Prince of Persia Sands of Time Works with this game, u can try wid others also which are not in above list Performance section: -force zBuffer Hardware limits: -emulate HW TnL caps -emulate Pixel shader caps ANTI-DETECT MODE section: -shaders Z-buffer section: -24 bit zbuffer(with stencil) DirectX DeviceID’s section: NVIDIA GeForce Ti4600 Configuration: VendorID : 4318 Device ID :592 Works well in the following or higher configuration -Intel 865GSA motherboard, -512 MB RAM, -Pentium D dual core 2.66 GHz processor, -No graphics card required…….. have fun.
184 comments
Read more

SMACKDOWN HERE COMES THE PAIN PCSX2 SETTINGS

Smack Down Here Comes The Pain Configuration: GRAPHICS-GSDX 1600(MSVC 15.00 SSSE3)0.1.15 CONTROLLERS-LILLY PAD 0.10.0 CDVDROM-EPP POLLING CDVD DRIVER 0.4.0 USB-USB NULL DRIVER 0.6.0 SOUND-SPU2-X1.1.0 SECOND CONTROLLER-LILLY PAD 0.10.0 DEV9-DEV9NULL DRIVER-0.4.0 FIRE WIRE-FWNULL DRIVER 0.5.0 BIOS-EUROPE V01.60(04/10/2001)CONSOLE SYSTEM REQUIREMENTS FOR PCSX2- MINIMUM - * Windows/Linux OS * CPU: Any that supports SSE2 (Pentium 4 and up, Athlon64 and up) * GPU: Any that supports Pixel Shader model 2.0, except Nvidia FX series (broken SM2.0, too slow anyway) * 512mb RAM (note Vista needs at least 2gb to run reliably) RECOMMENDED - * Windows Vista 32bit/64bit with the latest DirectX * CPU: Intel Core 2 Duo @ 3.2ghz or better * GPU: 8600gt or better (for Direct3D10 support) * RAM: 1gb on Linux/Windows XP, 2gb or more on Vista MY SYSTEM REQUIREMENTS WINDOWS XP SP3 PENTIUM DUAL CORE 2.6GHZ (E5300) 2GB RAM ZOTAC 8400GS 512MB DIRECT-X 9...
118 comments
Read more

Choosing the Best CPU for Your Gaming Computer

Picking the latest, fastest or most expensive processor on the market won’t always result in the right CPU for your particular system. Some processors are designed to work with certain motherboards, so the CPU you choose will limit the type of motherboard you can get. The CPU (Central Processing Unit) is one of the most important components in any computer system. The CPU could be described as the brains of a computer. It contains the logic circuitry that performs the instructions of the software you run. The performance of your games and other applications will be directly related to this tiny little microprocessor. The Major Players: Intel and AMD Two companies dominate the CPU market, Intel and AMD (Advanced Micro Devices). Both companies make a range of different processor models.  For example, Intel have the Core i7 and Core i5 processor models, while AMD have the Athlon and Phenom series.  The Best CPU for Gaming If you’re a basic computer user and y...
14 comments
Read more