The Planet Forums > HOW: Turn off Indexes

The Planet Forums > Security > General Security > UNIX Security

SuperBaby

Sep 22 2006, 01:38 PM

When someone point to a directory without the index file, all files are listed. I know I can turn off Indexes using the Index Manager under cPanel. But how do I set it to OFF globally as system default?

James Erickson

Sep 22 2006, 02:12 PM

You would just need to set the default 'Options -Indexes' in the httpd.conf file. This would set it to OFF as default. Most virtual hosts have AllowOverride for Indexes, so you might want to disable this as well.

SuperBaby

Sep 22 2006, 02:25 PM

I tried changing the GREEN line below to:

Options All -Indexes

and the RED line to:

Options -Indexes FollowSymLinks MultiViews
or
Options FollowSymLinks MultiViews

No luck. Note: I did restart httpd after the changes.

QUOTE

# Each directory to which Apache has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# permissions.
#
<Directory />
Options All
AllowOverride All
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/usr/local/apache/htdocs">

#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.

# doesn't give it to you.
#
Options Indexes FollowSymLinks MultiViews

#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
AllowOverride None

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>

#
# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is received.

SuperBaby

Sep 22 2006, 02:44 PM

The only thing I managed to do is to place:

Options -Indexes

under .htaccess file and place this file under the root directory. This will turn off indexes for all subdirectory.

But it would be better if I can do it server-wide under httpd.conf.

dezignguy

Sep 25 2006, 04:17 PM

I tried the same thing you did... didn't work... so I did it this way:

CODE

#

# Control access to UserDir directories.

#

<Directory /home/*/public_html>

Options -Indexes

</Directory>

I put it below the standard Directory directives.

TheUniverses

Sep 25 2006, 08:50 PM

It appears thats for userdir's
So like /~user
Or am I reading that wrong

dezignguy

Sep 27 2006, 02:30 PM

No. All your websites should be in /home, under their usernames. This just turns off Indexes for /home/anyusername/public_html - the web accessible directories for your virtual hosted domains.

If your config is different, then change the directive accordingly.

jakejammin

Oct 27 2006, 03:32 AM

QUOTE (SuperBaby)

SuperBaby,
This can be done in the user's cPanel. It is up to the user to do have or not to have that option.

devGOD

Jan 25 2007, 08:13 PM

edit the /usr/local/apache/conf/access.conf file Options -Indexes
then restart apache

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.