Skip to main content

Server Security - Disable Directory Listing

Directory Listing

Directory Listing is by default enabled in an apache server. This happens when there is no index.html file (default) available in the directory.

If there is no index file available in the directory then doesn’t understand which file to display so it displays all the files and folders in the directory.

Please see the below screenshot

The above image index file is the default file that is under the website folder. So when I will access my localhost with the following address – localhost/website1 or 192.168.1.2/website1 then it shows the following page.

It is actually showing the website because Apache knows exactly which file to display i.e. index.html

But in case I have renamed the index.html file to index1.html then let’s see what happens. So this time when I access my website1 folder again then it will show all the files and folders inside the website1 folder.

Files & Folders List

Prevention

In order to prevent this, you need to disable directory listing in httpd.conf file. Open httpd.conf file and locate <Directory “var/www/html”>

It will look like this

<Directory "R:/bitnami/apache2/htdocs">    #    # Possible values for the Options directive are "None", "All",    # or any combination of:    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews    #    # Note that "MultiViews" must be named *explicitly* --- "Options All"    # doesn't give it to you.    #    # The Options directive is both complicated and important.  Please see    # http://httpd.apache.org/docs/2.4/mod/core.html#options    # for more information.    #    Options Indexes FollowSymLinks    #    # AllowOverride controls what directives may be placed in .htaccess files.    # It can be "All", "None", or any combination of the keywords:    #   AllowOverride FileInfo AuthConfig Limit    #    #AllowOverride None    #    # Controls who can get stuff from this server.    #    Require all granted</Directory>

To disable the Directory listing add “-” sign
Options Indexes FollowSymLinks

Result:
Options -Indexes -FollowSymLinks

<Directory "R:/bitnami/apache2/htdocs">    #    # Possible values for the Options directive are "None", "All",    # or any combination of:    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews    #    # Note that "MultiViews" must be named *explicitly* --- "Options All"    # doesn't give it to you.    #    # The Options directive is both complicated and important.  Please see    # http://httpd.apache.org/docs/2.4/mod/core.html#options    # for more information.    #    Options -Indexes -FollowSymLinks    #    # AllowOverride controls what directives may be placed in .htaccess files.    # It can be "All", "None", or any combination of the keywords:    #   AllowOverride FileInfo AuthConfig Limit    #    #AllowOverride None    #    # Controls who can get stuff from this server.    #    Require all granted</Directory>

Now save the file and restart the server and try to access the folder. This time you will get forbidden message with 403 that means access is denied to see this directory

Forbidden 403 Error Code

Suggested Read: Server Security – Apache Web Server Hardening

Labels:

Comments

Post a Comment

Popular posts from this blog

Automation - Update Naukri Profile Using Selenium

Recently one of my friend came to me with a problem. He is looking out for new job but he feels quite boring to update  his profile on daily basis. As some people says updating profile in the morning gives you more calls as it keeps the newly updated profile on top (Although i don’t know whether naukri works this way or not 😀 ). As i was more interested to solve his problem.  After listening his problem i came to solution that instead of updating it manually lets make this job automatic. And it is quite interesting how we can automate our daily boring task with automation. Another day i came with the solution . And the solution was to make it automatic using selenium (Those who are not aware about selenium do check this link) In short, Selenium is a Testing automation Framework. And it is for automating web applications for testing purposes, but is certainly not limited to just that. Boring web-based administration tasks can (and should) also be automated as well....
Post a Comment
Read more

Mi Selfie Stick Tripod (Bluetooth Remote) Review

Hello Readers, Today in this article, I am going to review Mi Selfie Stick Tripod (Bluetooth Remote) . I have purchased this selfie stick 4 months back. So I thought I should share my experience with this selfie stick. Before getting into details let me list down some of its features and specification. Features Tripod Detachable Bluetooth remote Light and compact Aluminum rod 360-degree rotating phone holder Specs Color: Black & White Weight: 155 grams Version: Android 4.3 or higher, iOS 5.0 or higher Bluetooth version: 3.0 Battery life: up to 50,000 clicks and charging time 1 to 2 hours Review Looks: The product looks premium and also lightweight. The best thing it can hold any smartphone easily. I have tested this with mi and oneplus5 and this works great. Tripod: It also comes with built-in tripod stand so you fix your smartphone and click pictures using Bluetooth remote. You can also use this tripod to record youtube videos etc. Quality & Weight: Overall I am impressed with...
Post a Comment
Read more

Shut Down the Computer using notepad

Open notepad >> Write @echo off msg * I am tired. shutdown -c “So, Bye Bye dear” -s >> Save the File as AnyName.bat When you will open this file, your Computer will Shut down on its own after showing the message in it. NOTE: FOR EDUCATIONAL PURPOSE ONLY.I AM NOT RESPONSIBLE FOR IF ANYTHING GOES WRONG…. 
Post a Comment
Read more