Tuesday, June 26, 2007

securing vps[4]: turn off directory browsing

Directory browsing is good for intranet with low security, as you do not need separate html coding to produce indexes. But for a web server it is not a good practice. In order to turn it off, edit default file in /etc/apache2/sites-available:

debian:~# cd /etc/apache2/sites-available/
debian:/etc/apache2/sites-available# vim default


add "-" before Indexes in line 11,

Options -Indexes FollowSymLinks MultiViews


don't forget to restart the apache.,

debian:/etc/apache2/sites-available# /etc/init.d/apache2 restart
Forcing reload of web server (apache2)....
debian:/etc/apache2/sites-available#


Now, you will get 403 Forbidden instead of the indexes page.

1 comment:

Anonymous said...

Thank you so much. I had been messing with this for a day now.