Thursday, May 6, 2010

Hidden Apache directory listing

If you are on an RPM installation of Apache (which i dont really recommend) you will find the apache configuration file probably here:

/etc/httpd/conf/httpd.conf

If you are using apache from the source tar balls ( like real men ) probably you will find the configuration file here:

/usr/local/apache/conf/httpd.conf

Using an editor like vi , edit the httpd.conf file and scroll until you find a line like this:

Options All Indexes FollowSymLinks MultiViews

To disable directory browsing carefully remove the line that says: Indexes and leave the line like this:

Options All FollowSymLinks MultiViews

Restart your apache webserver and thats it

reference http://www.felipecruz.com/blog_disable-directory-listing-browsing-apache.php

No comments:

Post a Comment