One of the "must do's" on setting a secure apache webserver environment is to disable directory browsing. As a default Apache will be compiled with this option enabled, but its always a good idea to get rid of this setting unless its really necessary.
If you are on an RPM installation of Apache you will find the apache configuration file probably here:
/etc/httpd/conf/httpd.conf
If you are using apache from the source tar balls probably you will find the configuration file here:
/usr/local/apache/conf/httpd.conf
Edit the httpd.conf file and scroll until you find a line like this:
Options All Indexes FollowSymLinks MultiViews
To disable directory browsing carefully remove the line that says: Indexes and leave the line like this:
Options All FollowSymLinks MultiViews
Restart your apache webserver and thats it
If you are on an RPM installation of Apache you will find the apache configuration file probably here:
/etc/httpd/conf/httpd.conf
If you are using apache from the source tar balls probably you will find the configuration file here:
/usr/local/apache/conf/httpd.conf
Edit the httpd.conf file and scroll until you find a line like this:
Options All Indexes FollowSymLinks MultiViews
To disable directory browsing carefully remove the line that says: Indexes and leave the line like this:
Options All FollowSymLinks MultiViews
Restart your apache webserver and thats it
Comments