Wednesday, October 21, 2009

Apache: Directory Indexing Security - Part I

A web administrator always needs effective tools for securing a web server. One major aspect of Apache security is directory indexing. Today we will look at the main security aspects of directory indexing.

You might have noticed this entry at line 288 of httpd.conf, in the /etc/httpd/conf directory:

288 <Directory />
289     Options FollowSymLinks
290     AllowOverride None
291 </Directory>

The default Apache access for Directory / is Allow from All.

This entry needs to be understood clearly if an admin wants to secure the web server.

The above entry says: "If you want to make sure that files outside of your web directory are not accessible, this is the one for you."

Generally, with Options we have Indexes as +Indexes and -Indexes. If we don't have either, it means it's inaccessible.
The directive means that / is inaccessible in any way, thereby securing against access by an external source to anything other than DocumentRoot.
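
To check which directories end up with Indexes switched on, the following added example (not code from the original post) parses the Directory sections of a configuration and resolves the Options lines from the outermost section inwards. The sample configuration and its /var/www/html paths are constructed for illustration, and the script assumes plain path sections only: no wildcards, Include files, VirtualHost blocks or .htaccess overrides.

```python
import re

# Constructed sample in httpd.conf syntax; the /var/www/html paths are illustrative.
SAMPLE_CONF = """\
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/html/private">
    Options -Indexes
</Directory>
<Directory "/var/www/html/docs">
    AllowOverride None
</Directory>
"""

def parse_directory_options(conf_text):
    """Map each <Directory> path to its Options tokens (None if it has no Options line)."""
    sections, current = {}, None
    for line in (raw.strip() for raw in conf_text.splitlines()):
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>$', line, re.I)
        if opened:
            current = opened.group(1).rstrip("/") or "/"
            sections.setdefault(current, None)
        elif re.match(r"</Directory\s*>", line, re.I):
            current = None
        elif current and line.lower().split()[:1] == ["options"]:
            sections[current] = line.split()[1:]
    return sections

def indexes_enabled(sections, path, default=False):
    """Apply enclosing sections shortest path first; default is the server's built-in value."""
    state = default
    for sec in sorted(sections, key=len):
        tokens = sections[sec]
        if not tokens or not (sec == "/" or path == sec or path.startswith(sec + "/")):
            continue  # unrelated section, or no Options line: inherit
        if all(t[0] in "+-" for t in tokens):  # relative form merges with the parent
            for t in tokens:
                if t[1:].lower() in ("indexes", "all"):
                    state = t[0] == "+"
        else:  # absolute form replaces whatever was inherited
            state = any(t.lstrip("+").lower() in ("indexes", "all") for t in tokens)
    return state

def audit(conf_text):
    """Return {directory path: True if Indexes is in effect there}."""
    sections = parse_directory_options(conf_text)
    return {path: indexes_enabled(sections, path) for path in sections}
```

Calling `audit(SAMPLE_CONF)` reports Indexes enabled for /var/www/html and for /var/www/html/docs, which has no Options line of its own and inherits from its parent; / and /var/www/html/private come back disabled.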
