Monday, 14 August 2017

How to disable directory browsing in Apache/httpd?



How can we disable building of directory index in httpd? One of the most important settings in Apache to secure Apache web server is to disable directory browsing. To prevent the server from showing a listing of the existing files in case there is no index in one folder.
Usually Apache comes with this feature enabled but it’s always a good idea to get it disabled unless you really need it.

First of all find where the main Apache's config file httpd.conf is located. If we are using RHEL7/Centos7, it should be located under /etc/httpd/conf/httpd.conf. Using Vim or Nano open this file and find the line that looks as follows:

Options Indexes FollowSymLinks

Or

<Directory />
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>

Then remove word Indexes and save the file. The line should look like this one:

Options FollowSymLinks MultiViews

Or

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

After it is done, restart apache (e.g. /etc/init.d/httpd restart). 

[root@linuxcnf ~]#/etc/init.d/httpd restart

That’s it! 

No comments:

Post a comment