Skip to main content

Server Security - Disable Directory Listing

Directory Listing

Directory Listing is by default enabled in an apache server. This happens when there is no index.html file (default) available in the directory.

If there is no index file available in the directory then doesn’t understand which file to display so it displays all the files and folders in the directory.

Please see the below screenshot

The above image index file is the default file that is under the website folder. So when I will access my localhost with the following address – localhost/website1 or 192.168.1.2/website1 then it shows the following page.

It is actually showing the website because Apache knows exactly which file to display i.e. index.html

But in case I have renamed the index.html file to index1.html then let’s see what happens. So this time when I access my website1 folder again then it will show all the files and folders inside the website1 folder.

Files & Folders List

Prevention

In order to prevent this, you need to disable directory listing in httpd.conf file. Open httpd.conf file and locate <Directory “var/www/html”>

It will look like this

<Directory "R:/bitnami/apache2/htdocs">    #    # Possible values for the Options directive are "None", "All",    # or any combination of:    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews    #    # Note that "MultiViews" must be named *explicitly* --- "Options All"    # doesn't give it to you.    #    # The Options directive is both complicated and important.  Please see    # http://httpd.apache.org/docs/2.4/mod/core.html#options    # for more information.    #    Options Indexes FollowSymLinks    #    # AllowOverride controls what directives may be placed in .htaccess files.    # It can be "All", "None", or any combination of the keywords:    #   AllowOverride FileInfo AuthConfig Limit    #    #AllowOverride None    #    # Controls who can get stuff from this server.    #    Require all granted</Directory>

To disable the Directory listing add “-” sign
Options Indexes FollowSymLinks

Result:
Options -Indexes -FollowSymLinks

<Directory "R:/bitnami/apache2/htdocs">    #    # Possible values for the Options directive are "None", "All",    # or any combination of:    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews    #    # Note that "MultiViews" must be named *explicitly* --- "Options All"    # doesn't give it to you.    #    # The Options directive is both complicated and important.  Please see    # http://httpd.apache.org/docs/2.4/mod/core.html#options    # for more information.    #    Options -Indexes -FollowSymLinks    #    # AllowOverride controls what directives may be placed in .htaccess files.    # It can be "All", "None", or any combination of the keywords:    #   AllowOverride FileInfo AuthConfig Limit    #    #AllowOverride None    #    # Controls who can get stuff from this server.    #    Require all granted</Directory>

Now save the file and restart the server and try to access the folder. This time you will get forbidden message with 403 that means access is denied to see this directory

Forbidden 403 Error Code

Suggested Read: Server Security – Apache Web Server Hardening

Labels:

Comments

Post a Comment

Popular posts from this blog

Automation - Update Naukri Profile Using Selenium

Recently one of my friend came to me with a problem. He is looking out for new job but he feels quite boring to update  his profile on daily basis. As some people says updating profile in the morning gives you more calls as it keeps the newly updated profile on top (Although i don’t know whether naukri works this way or not 😀 ). As i was more interested to solve his problem.  After listening his problem i came to solution that instead of updating it manually lets make this job automatic. And it is quite interesting how we can automate our daily boring task with automation. Another day i came with the solution . And the solution was to make it automatic using selenium (Those who are not aware about selenium do check this link) In short, Selenium is a Testing automation Framework. And it is for automating web applications for testing purposes, but is certainly not limited to just that. Boring web-based administration tasks can (and should) also be automated as well....
Post a Comment
Read more

OpenCV - Drawing a Circle with python

In this tutorial, I will show you how to draw a circle in OpenCV. OpenCV comes with lots of built-in functions that make our life easier especially when we are working on image processing .  And there is a function called circle in OpenCV which is used to draw a circle. This function takes following parameters: 1. Image : Takes an image object 2. Center : Center point coordinates 3. Radius : Radius of the circle 4. Color : Takes color in BGR format 5. Thickness : By default set to 1 (optional) 6. Line Type : By default set to 8-connected.It can also be  LINE_AA  or  4-connected  (Optional) 7. Shift:  Shifts fractional bits in the point coordinates of center and radius (Optional) Especially when we are creating closed shapes. Thickness plays an important role. Here if the negative thickness is passed in this function or any other function which creates a closed shape(rectangle, polygon, etc). Then it creates a filled shape (filled with color). Negative Thickness Filled Circle Positive ...
Post a Comment
Read more

PS3 - Dragon Ball Z Battle Of Z - RPCS3 Setting

Hi GuyZ, Today, I am going to show you, how to play PS3 games on PC using the RPCS3 Emulator. It is very easy to set up and play PS3 Games. I got to know about this emulator some time ago and I thought I should give it a try . Initially I was not sure that whether it would work or not. But at last, it worked. I found it very easy to set up and play PS3 games . Although this emulator is still in the development stage so you may encounter some errors. I haven’t got any errors. In this tutorial, I am using the PS3 PKG file. This emulator also supports dumping ps3 disc and ISO Images. Prerequisites: RPCS3 Emulator PS3 Update File Microsoft Visual C++ 2019 Redistributable PS3 .pkg and Rap File Important Tip Before downloading any game make sure it comes under the playable section of rpcs3 compatibility. To check which game you can play using RPCS3 click HERE. Games that are showing in the Playable Section are actually the games that are in running state and can be played using RPCS3 E...
Post a Comment
Read more