Question regarding autoindexing by Apache 2

Discussion in 'Server Operation' started by FXT, Jan 27, 2008.

  1. FXT

    FXT New Member

    I was wondering how to find out whether my Apache installation is using the autoindexing feature of Apache. how can I reliably tell, whether it is on, and how can I disable it?
     
  2. topdog

    topdog Active Member HowtoForge Supporter

    Search for "indexes" in your apache conf
     
  3. FXT

    FXT New Member

    Ah, thank you. I've found several instances of
    Code:
    Options Indexes
    
    Can I just go ahead and change all to

    Code:
    Options -Indexes
    
    ?
    For instance, in /usr/share/apache/icons? I did a Nikto scan before, and it complained about Directory Indexing there.

    Edit:
    After studying apache2.conf, I've found that ISPConfig has set Option -Indexes in all relevant directories for me, awesome!
    Only question now is whether /icons can do with the same treatment, or whether I can screw up something by changing the option.

    Anyone know?
     
    Last edited: Jan 27, 2008
  4. topdog

    topdog Active Member HowtoForge Supporter

    Yes of cause you should do that if you dont want indexing at all. The icons are accessed by name so there is no need for directory indexing in that.
     
  5. FXT

    FXT New Member

    Thank you for the confirmation, -Indexes is set.
     
  6. topdog

    topdog Active Member HowtoForge Supporter

    By the way are you doing that because of the recent vulnerability in the autoindex module ? Has it not been fixed with the most recent release ?
     
  7. FXT

    FXT New Member

    I'm doing it for no specific reason, just trying to go for a minimum of information disclosure. This setup is a sort of laboratory experiment in server security for private use.
     

Share This Page