How to install Apache and Disable directory listing on Ubuntu

|

|

The article provides a tutorial on installing Apache2 on Ubuntu 17.04 and disabling the directory listing feature. Directory listing in Apache2 automatically reveals directory contents if a browser request can’t locate a file, potentially exposing sensitive information. Therefore, the author recommends disabling this feature for public websites.

Apache2 is the most popular web server in use today. Most websites and web apps in operation are likely running Apache2 web servers.

This brief tutorial will show you how to install Apache2 on Ubuntu 17.04 and turn off directory listing or indexing to prevent exposing sensitive directories.

When you install Apache2 by default, all directories are exposed by default. In addition, all directories are indexed and listed by default.

One reason directory listing is wrong is that Apache2 automatically lists all the content of a directory if a file from the directory cannot be located when requested by a web browser. This can result in exposing information you want to keep private.

So, the best setup when using Apache2 is to turn this feature off. To do that, follow the steps below.

Install Apache2

First, install Apache2 on Ubuntu. The commands below show you how.

sudo apt-get update
sudo apt-get install apache2

Disable Directory Listing

After installing Apache2, its configuration settings automatically list all directories. This cannot be good. The mod_autoindex module automatically generates a listing of all directory content.

If a web client requests a resource unavailable in the directory, all the content in the directory will be listed instead.

Apache2’s main global configuration file is highlighted below.

/etc/apache2/apache2.conf

The section of the settings that deal with listing directory in Apahce2 default root directory is this:

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

To turn off directory listing, edit the setting to this:

<Directory /var/www/>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>

Then, save the file and restart Apache2 to load the new configuration settings.

If you want to save time, just run the commands below to make the exact change above. This one-line command will edit the configuration file and remove the word Indexes from the Options line.

sudo sed -i "s/Options Indexes FollowSymLinks/Options FollowSymLinks/" /etc/apache2/apache2.conf

Save the file and restart Apache2, and you’re done.

Summary:

This post shows you how to install Apache2 and turn off the directory listing in Ubuntu 17.04. Directory listing is a feature in Apache2 that automatically lists directories when no files can be found in the directory.

This can lead to exposing sensitive information about a directory when this feature is enabled. Therefore, turning it off when running a public-facing website is also recommended.

Enjoy!

Like this:



4 responses to “How to install Apache and Disable directory listing on Ubuntu”

  1. Pratik Luther Avatar
    Pratik Luther

    simpler way to do it is :

    sudo a2dismod autoindex

  2. john walker Avatar
    john walker

    Nice articale
    U can also using .htaccess file to disable or enable < href=”https://www.hostingride.in/content/how-to-disable-apache-directory-listing-or-indexing”>apache directory listing
    1. Open the .htaccess file with using this command.

    vim /var/www/html/.htaccess

    you need to add the line:-
    Options -Indexes
    and restart apache service with this command
    sudo service httpd restart

  3. wakibul Avatar
    wakibul

    Your email address will not be published. Required fields are marked

  4. Ravindra JAIN Avatar
    Ravindra JAIN

    thnak you

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.