Skip to main content

Server Security - Disable Directory Listing

Directory Listing

Directory Listing is by default enabled in an apache server. This happens when there is no index.html file (default) available in the directory.

If there is no index file available in the directory then doesn’t understand which file to display so it displays all the files and folders in the directory.

Please see the below screenshot

The above image index file is the default file that is under the website folder. So when I will access my localhost with the following address – localhost/website1 or 192.168.1.2/website1 then it shows the following page.

It is actually showing the website because Apache knows exactly which file to display i.e. index.html

But in case I have renamed the index.html file to index1.html then let’s see what happens. So this time when I access my website1 folder again then it will show all the files and folders inside the website1 folder.

Files & Folders List

Prevention

In order to prevent this, you need to disable directory listing in httpd.conf file. Open httpd.conf file and locate <Directory “var/www/html”>

It will look like this

<Directory "R:/bitnami/apache2/htdocs">    #    # Possible values for the Options directive are "None", "All",    # or any combination of:    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews    #    # Note that "MultiViews" must be named *explicitly* --- "Options All"    # doesn't give it to you.    #    # The Options directive is both complicated and important.  Please see    # http://httpd.apache.org/docs/2.4/mod/core.html#options    # for more information.    #    Options Indexes FollowSymLinks    #    # AllowOverride controls what directives may be placed in .htaccess files.    # It can be "All", "None", or any combination of the keywords:    #   AllowOverride FileInfo AuthConfig Limit    #    #AllowOverride None    #    # Controls who can get stuff from this server.    #    Require all granted</Directory>

To disable the Directory listing add “-” sign
Options Indexes FollowSymLinks

Result:
Options -Indexes -FollowSymLinks

<Directory "R:/bitnami/apache2/htdocs">    #    # Possible values for the Options directive are "None", "All",    # or any combination of:    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews    #    # Note that "MultiViews" must be named *explicitly* --- "Options All"    # doesn't give it to you.    #    # The Options directive is both complicated and important.  Please see    # http://httpd.apache.org/docs/2.4/mod/core.html#options    # for more information.    #    Options -Indexes -FollowSymLinks    #    # AllowOverride controls what directives may be placed in .htaccess files.    # It can be "All", "None", or any combination of the keywords:    #   AllowOverride FileInfo AuthConfig Limit    #    #AllowOverride None    #    # Controls who can get stuff from this server.    #    Require all granted</Directory>

Now save the file and restart the server and try to access the folder. This time you will get forbidden message with 403 that means access is denied to see this directory

Forbidden 403 Error Code

Suggested Read: Server Security – Apache Web Server Hardening

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

3D ANALYZER SETTINGS

Settings for Prince of Persia Sands of Time Works with this game, u can try wid others also which are not in above list Performance section: -force zBuffer Hardware limits: -emulate HW TnL caps -emulate Pixel shader caps ANTI-DETECT MODE section: -shaders Z-buffer section: -24 bit zbuffer(with stencil) DirectX DeviceID’s section: NVIDIA GeForce Ti4600 Configuration: VendorID : 4318 Device ID :592 Works well in the following or higher configuration -Intel 865GSA motherboard, -512 MB RAM, -Pentium D dual core 2.66 GHz processor, -No graphics card required…….. have fun.
184 comments
Read more

SMACKDOWN HERE COMES THE PAIN PCSX2 SETTINGS

Smack Down Here Comes The Pain Configuration: GRAPHICS-GSDX 1600(MSVC 15.00 SSSE3)0.1.15 CONTROLLERS-LILLY PAD 0.10.0 CDVDROM-EPP POLLING CDVD DRIVER 0.4.0 USB-USB NULL DRIVER 0.6.0 SOUND-SPU2-X1.1.0 SECOND CONTROLLER-LILLY PAD 0.10.0 DEV9-DEV9NULL DRIVER-0.4.0 FIRE WIRE-FWNULL DRIVER 0.5.0 BIOS-EUROPE V01.60(04/10/2001)CONSOLE SYSTEM REQUIREMENTS FOR PCSX2- MINIMUM - * Windows/Linux OS * CPU: Any that supports SSE2 (Pentium 4 and up, Athlon64 and up) * GPU: Any that supports Pixel Shader model 2.0, except Nvidia FX series (broken SM2.0, too slow anyway) * 512mb RAM (note Vista needs at least 2gb to run reliably) RECOMMENDED - * Windows Vista 32bit/64bit with the latest DirectX * CPU: Intel Core 2 Duo @ 3.2ghz or better * GPU: 8600gt or better (for Direct3D10 support) * RAM: 1gb on Linux/Windows XP, 2gb or more on Vista MY SYSTEM REQUIREMENTS WINDOWS XP SP3 PENTIUM DUAL CORE 2.6GHZ (E5300) 2GB RAM ZOTAC 8400GS 512MB DIRECT-X 9...
118 comments
Read more

$$$$$$$$10 reasons why PCs crash U must Know$$$$$$$

10 reasons why PCs crash U must Know Fatal error: the system has become unstable or is busy," it says. "Enter to return to Windows or press Control-Alt-Delete to restart your computer. If you do this you will lose any unsaved information in all open applications." You have just been struck by the Blue Screen of Death. Anyone who uses Mcft Windows will be familiar with this. What can you do? More importantly, how can you prevent it happening? 1 Hardware conflict The number one reason why Windows crashes is hardware conflict. Each hardware device communicates to other devices through an interrupt request channel (IRQ). These are supposed to be unique for each device. For example, a printer usually connects internally on IRQ 7. The keyboard usually uses IRQ 1 and the floppy disk drive IRQ 6. Each device will try to hog a single IRQ for itself. If there are a lot of devices, or if they are not installed properly, two of them may end up sharing the same IRQ number...
Post a Comment
Read more