How to disable directory listing for specific directories in Apache?
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How to disable directory listing for specific directories in Apache?
Hello,
I'm using CentOS 8 x86_64 and my server hosting a WordPress website. I scanned my WordPress website with a security scanner and it found some vulnerabilities about directory listing. Some lines of my Virtual Host file are:
Code:
<Directory "/var/www/WP">
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
Some of my WordPress directories are browsable and when I open the URLs, then the content of the directories displayed:
As the OP says they are running WordPress it's a fair assumption that index.php is configured as an index file.
While extremely unlikely, it is possible that index.html / index.htm isn't implemented / disabled
As the OP says they are running WordPress it's a fair assumption that index.php is configured as an index file.
While extremely unlikely, it is possible that index.html / index.htm isn't implemented / disabled
Sure, go messing around in your config file and disable it on an individual folder basis. Feel free to make life difficult for yourself by not going with a simple tried and tested solution.
You are restarting Apache every time you make a change, aren’t you? Don’t see a reason your config doesn’t work otherwise. Do you get any syntax errors?
Are you using symlinks to those directories? If so, see the fine print in the documentation for the Directory directive.
You are restarting Apache every time you make a change, aren’t you? Don’t see a reason your config doesn’t work otherwise. Do you get any syntax errors?
Are you using symlinks to those directories? If so, see the fine print in the documentation for the Directory directive.
You’ve been given a couple of the best solutions.
I restarted Apache service and it is OK.
Are below lines wrong?
I shudder to think that user's like this one are allowed to put their servers on the interwebz...
Seriously, a misconfigured server open to any clients is actively endangering all of the internet.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.