Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 27th January 2008, 22:29
FXT FXT is offline
Junior Member
 
Join Date: Jul 2007
Posts: 22
Thanks: 3
Thanked 0 Times in 0 Posts
Default Question regarding autoindexing by Apache 2

I was wondering how to find out whether my Apache installation is using the autoindexing feature of Apache. how can I reliably tell, whether it is on, and how can I disable it?
Reply With Quote
Sponsored Links
  #2  
Old 27th January 2008, 23:21
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 154 Times in 151 Posts
Default

Search for "indexes" in your apache conf
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #3  
Old 27th January 2008, 23:36
FXT FXT is offline
Junior Member
 
Join Date: Jul 2007
Posts: 22
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Ah, thank you. I've found several instances of
Code:
Options Indexes
Can I just go ahead and change all to

Code:
Options -Indexes
?
For instance, in /usr/share/apache/icons? I did a Nikto scan before, and it complained about Directory Indexing there.

Edit:
After studying apache2.conf, I've found that ISPConfig has set Option -Indexes in all relevant directories for me, awesome!
Only question now is whether /icons can do with the same treatment, or whether I can screw up something by changing the option.

Anyone know?

Last edited by FXT; 28th January 2008 at 00:02.
Reply With Quote
  #4  
Old 28th January 2008, 08:19
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 154 Times in 151 Posts
Default

Yes of cause you should do that if you dont want indexing at all. The icons are accessed by name so there is no need for directory indexing in that.
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #5  
Old 28th January 2008, 10:19
FXT FXT is offline
Junior Member
 
Join Date: Jul 2007
Posts: 22
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Thank you for the confirmation, -Indexes is set.
Reply With Quote
  #6  
Old 28th January 2008, 10:26
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 154 Times in 151 Posts
Default

By the way are you doing that because of the recent vulnerability in the autoindex module ? Has it not been fixed with the most recent release ?
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #7  
Old 28th January 2008, 13:07
FXT FXT is offline
Junior Member
 
Join Date: Jul 2007
Posts: 22
Thanks: 3
Thanked 0 Times in 0 Posts
 
Default

I'm doing it for no specific reason, just trying to go for a minimum of information disclosure. This setup is a sort of laboratory experiment in server security for private use.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Double question: Apache mod_proxy and force connection over specific interface Nukien Server Operation 1 8th January 2008 01:16
Centos 4.4 32bit Hangs, High Server load 3cwired_com Server Operation 11 16th November 2006 16:47
question about high available nfs and apache Randy HOWTO-Related Questions 1 3rd November 2006 15:53
Problem with the installation of Dokeos (LMS) in ISPConfig jofranco General 4 28th April 2006 01:45
Apache log question arcejorge General 1 29th July 2005 10:43


All times are GMT +2. The time now is 19:53.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.