Apache - Index of /

    I recently came across an Apache web server with a number of virtual hosts under /var/www.  Pointing a browser to the root, /var/www, would reveal all of the names of the virtual hosts on the server.  While not tragic, it does reveal some information that we would prefer not be visible to the general public.

    If we look under:  /etc/apache2/sites-available/ 

    We'll see the virtual host but in addition, we'll see 'default'.

    Using an editor, open 'default' and there will be a few lines near the top:


            <Directory /var/www/>

                    Options Indexes FollowSymLinks MultiViews

                    AllowOverride None

                    Order allow,deny

                    allow from all 


     By changing the above to the following:

             <Directory /var/www/>

                    Options -Indexes


     We prevent the directory listing.

    © 2020 sevenlayers.com