Apache2 is the most popular web server in use today. Most websites and web apps in operation are likely running Apache2 web servers.
This brief tutorial will show you how to install Apache2 on Ubuntu 17.04 and turn off directory listing or indexing to prevent exposing sensitive directories.
When you install Apache2 by default, all directories are exposed by default. In addition, all directories are indexed and listed by default.
One reason directory listing is wrong is that Apache2 automatically lists all the content of a directory if a file from the directory cannot be located when requested by a web browser. This can result in exposing information you want to keep private.
So, the best setup when using Apache2 is to turn this feature off. To do that, follow the steps below.
First, install Apache2 on Ubuntu. The commands below show you how.
sudo apt-get update sudo apt-get install apache2
Disable Directory Listing
After installing Apache2, its configuration settings automatically list all directories. This cannot be good. The mod_autoindex module automatically generates a listing of all directory content.
If a web client requests a resource unavailable in the directory, all the content in the directory will be listed instead.
Apache2’s main global configuration file is highlighted below.
The section of the settings that deal with listing directory in Apahce2 default root directory is this:
<Directory /var/www/> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory>
To turn off directory listing, edit the setting to this:
Require all granted
Then, save the file and restart Apache2 to load the new configuration settings.
If you want to save time, just run the commands below to make the exact change above. This one-line command will edit the configuration file and remove the word Indexes from the Options line.
sudo sed -i "s/Options Indexes FollowSymLinks/Options FollowSymLinks/" /etc/apache2/apache2.conf
Save the file and restart Apache2, and you’re done.
This post shows you how to install Apache2 and turn off the directory listing in Ubuntu 17.04. Directory listing is a feature in Apache2 that automatically lists directories when no files can be found in the directory.
This can lead to exposing sensitive information about a directory when this feature is enabled. Therefore, turning it off when running a public-facing website is also recommended.