Skip to main content

Server Security - Disable Directory Listing

Directory Listing

Directory Listing is by default enabled in an apache server. This happens when there is no index.html file (default) available in the directory.

If there is no index file available in the directory then doesn’t understand which file to display so it displays all the files and folders in the directory.

Please see the below screenshot

The above image index file is the default file that is under the website folder. So when I will access my localhost with the following address – localhost/website1 or 192.168.1.2/website1 then it shows the following page.

It is actually showing the website because Apache knows exactly which file to display i.e. index.html

But in case I have renamed the index.html file to index1.html then let’s see what happens. So this time when I access my website1 folder again then it will show all the files and folders inside the website1 folder.

Files & Folders List

Prevention

In order to prevent this, you need to disable directory listing in httpd.conf file. Open httpd.conf file and locate <Directory “var/www/html”>

It will look like this

<Directory "R:/bitnami/apache2/htdocs">    #    # Possible values for the Options directive are "None", "All",    # or any combination of:    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews    #    # Note that "MultiViews" must be named *explicitly* --- "Options All"    # doesn't give it to you.    #    # The Options directive is both complicated and important.  Please see    # http://httpd.apache.org/docs/2.4/mod/core.html#options    # for more information.    #    Options Indexes FollowSymLinks    #    # AllowOverride controls what directives may be placed in .htaccess files.    # It can be "All", "None", or any combination of the keywords:    #   AllowOverride FileInfo AuthConfig Limit    #    #AllowOverride None    #    # Controls who can get stuff from this server.    #    Require all granted</Directory>

To disable the Directory listing add “-” sign
Options Indexes FollowSymLinks

Result:
Options -Indexes -FollowSymLinks

<Directory "R:/bitnami/apache2/htdocs">    #    # Possible values for the Options directive are "None", "All",    # or any combination of:    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews    #    # Note that "MultiViews" must be named *explicitly* --- "Options All"    # doesn't give it to you.    #    # The Options directive is both complicated and important.  Please see    # http://httpd.apache.org/docs/2.4/mod/core.html#options    # for more information.    #    Options -Indexes -FollowSymLinks    #    # AllowOverride controls what directives may be placed in .htaccess files.    # It can be "All", "None", or any combination of the keywords:    #   AllowOverride FileInfo AuthConfig Limit    #    #AllowOverride None    #    # Controls who can get stuff from this server.    #    Require all granted</Directory>

Now save the file and restart the server and try to access the folder. This time you will get forbidden message with 403 that means access is denied to see this directory

Forbidden 403 Error Code

Suggested Read: Server Security – Apache Web Server Hardening

Labels:

Comments

Post a Comment

Popular posts from this blog

3D ANALYZER SETTINGS

Settings for Prince of Persia Sands of Time Works with this game, u can try wid others also which are not in above list Performance section: -force zBuffer Hardware limits: -emulate HW TnL caps -emulate Pixel shader caps ANTI-DETECT MODE section: -shaders Z-buffer section: -24 bit zbuffer(with stencil) DirectX DeviceID’s section: NVIDIA GeForce Ti4600 Configuration: VendorID : 4318 Device ID :592 Works well in the following or higher configuration -Intel 865GSA motherboard, -512 MB RAM, -Pentium D dual core 2.66 GHz processor, -No graphics card required…….. have fun.
184 comments
Read more

Choosing the Best Motherboard

We will look at the various factors you should take into account when choosing your gaming motherboard, to ensure that you choose the best motherboard for your needs.If you think of the processor as the brain of a computer, then the motherboard could be described as the central nervous system, responsible for relaying information between all the internal components. In other words, it’s the hub of the computer, where all other components connect to. Since the motherboard is so crucial to your system, buying the best motherboard you can afford is a good investment. Select Your CPU First Before choosing your motherboard, you should have already chosen your CPU. If you haven’t already doneA motherboard will generally only support one type of processor, such as a Pentium 4 or Athlon 64. Different CPUs have connectors that vary physically from one another. So you can’t accidentally plug in the wrong processor into the wrong motherboard. Also, take note that many motherboards
Post a Comment
Read more

Choosing the Best CPU for Your Gaming Computer

Picking the latest, fastest or most expensive processor on the market won’t always result in the right CPU for your particular system. Some processors are designed to work with certain motherboards, so the CPU you choose will limit the type of motherboard you can get. The CPU (Central Processing Unit) is one of the most important components in any computer system. The CPU could be described as the brains of a computer. It contains the logic circuitry that performs the instructions of the software you run. The performance of your games and other applications will be directly related to this tiny little microprocessor. The Major Players: Intel and AMD Two companies dominate the CPU market, Intel and AMD (Advanced Micro Devices). Both companies make a range of different processor models.  For example, Intel have the Core i7 and Core i5 processor models, while AMD have the Athlon and Phenom series.  The Best CPU for Gaming If you’re a basic computer user and you don’t
14 comments
Read more