A Web Administrator do always need efficient weapon for securing his web server.One of the major aspect of Apache Security includes Directory Indexing.Today we will study regarding the major Directory Indexing Security aspects.
You might have noticed this entry at Line 288 of httpd.conf under /etc/httpd/conf directory as:
288 directory /
289 Options FollowSymLinks
290 AllowOverride None
291 /Directory
the default Apache access for Directory / is Allow from All
This entry needs to be understood more clearly if admin needs to secure his web server.
The above entry says " If you want to make sure that files outside of your web directory are not accessible,this is one for you".
Generally with Options we have Indexes as +Indexes and -Indexes. If we dont have any , it means its inaccessible.
The Directive means that / is inaccessible in any way thereby securing the access by external source other than DocumentRoot.
Thanks for a great reaad
ReplyDelete