Category Ubuntu Linux

How to Install Apache and Disable Directory Listing on Ubuntu

Author Richard Published on 2 min read
pc 1776995 640
pc 1776995 640

Apache2 is the most popular web server in use today. Most websites and web apps in operation are likely running Apache2 web servers.

This brief tutorial will show you how to install Apache2 on Ubuntu 17.04 and turn off directory listing or indexing to prevent exposing sensitive directories.

When you install Apache2 by default, all directories are exposed by default. In addition, all directories are indexed and listed by default.

One reason directory listing is wrong is Apache2 automatically lists all the content of a directory if a file from the directory cannot be located when requested by a web browser. This can result in exposing information you want to keep private.

So, the best setup when using Apache2 is to turn this feature off. To do that, follow the steps below.

Install Apache2

First, install Apache2 on Ubuntu. The commands below show you how.

sudo apt-get update
sudo apt-get install apache2

Disable Directory Listing

After installing Apache2, its configuration settings automatically list all directories. This cannot be good. The mod_autoindex module automatically generates a listing of all directory content.

If a web client requests a resource unavailable in the directory, all the content in the directory will be listed instead.

Apache2’s main global configuration file is highlighted below.

/etc/apache2/apache2.conf

And the section of the settings that deal with listing directory in Apahce2 default root directory is this:

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

To turn off directory listing, edit the setting to this:

<Directory /var/www/>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>

Then, save the file and restart Apache2 to load the new configuration settings.

If you want to save time, just run the commands below to make the exact change above. This one-line command will edit the configuration file and remove the word Indexes from the Options line.

sudo sed -i "s/Options Indexes FollowSymLinks/Options FollowSymLinks/" /etc/apache2/apache2.conf

Save the file and restart Apache2, and you’re done.

Summary:

This post shows you how to install Apache2 and turn off the directory listing in Ubuntu 17.04. Directory listing is a feature in Apache2 that automatically list directories when no files can be found in the directory.

This can lead to exposing sensitive information about a directory when this feature is enabled. Therefore, turning it off when running a public-facing website is also recommended.

Enjoy!

Posted by
Richard

I love computers; maybe way too much. What I learned I try to share at geekrewind.com.

You may also like

4 Comments

  1. Pratik Luther

    simpler way to do it is :

    sudo a2dismod autoindex

    Reply
  2. john walker

    Nice articale
    U can also using .htaccess file to disable or enable < href=”https://www.hostingride.in/content/how-to-disable-apache-directory-listing-or-indexing”>apache directory listing
    1. Open the .htaccess file with using this command.

    vim /var/www/html/.htaccess

    you need to add the line:-
    Options -Indexes
    and restart apache service with this command
    sudo service httpd restart

    Reply
  3. wakibul

    Your email address will not be published. Required fields are marked

    Reply
  4. Ravindra JAIN

    thnak you

    Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: