Question regarding autoindexing by Apache 2

[FXT]

I was wondering how to find out whether my Apache installation is using the autoindexing feature of Apache. how can I reliably tell, whether it is on, and how can I disable it?

[topdog]

Search for "indexes" in your apache conf

[FXT]

Ah, thank you. I've found several instances of

Code:

Options Indexes

Can I just go ahead and change all to

Code:

Options -Indexes

?
For instance, in /usr/share/apache/icons? I did a Nikto scan before, and it complained about Directory Indexing there.

Edit:
After studying apache2.conf, I've found that ISPConfig has set Option -Indexes in all relevant directories for me, awesome!
Only question now is whether /icons can do with the same treatment, or whether I can screw up something by changing the option.

Anyone know?

[topdog]

Yes of cause you should do that if you dont want indexing at all. The icons are accessed by name so there is no need for directory indexing in that.

[FXT]

Thank you for the confirmation, -Indexes is set.

[topdog]

By the way are you doing that because of the recent vulnerability in the autoindex module ? Has it not been fixed with the most recent release ?

[FXT]

I'm doing it for no specific reason, just trying to go for a minimum of information disclosure. This setup is a sort of laboratory experiment in server security for private use.