Apache2 is the most popular web server in use today. The majority of the websites and web apps that are in operation are most likely running Apache2 web servers.
This brief tutorial is going to show you how to install Apache2 on Ubuntu 17.04 and how to disable directory listing or indexing to prevent exposing sensitive directories.
When you install Apache2 by default, all directories are exposed by default. All directories are indexed and listed by default.
One reason directory listing is bad is Apache2 automatically lists all the content of a directory if a file from the directory cannot be located when requested by a web browser. This can result in exposing information you want to keep private.
So, the best setup when using Apache2 is to turn this feature off. To do that, follow the steps below
First, install Apache2 on Ubuntu. The commands below show you how.
sudo apt-get update sudo apt-get install apache2
Disable Directory Listing
After installing Apache2, its configuration settings are set to list all directories automatically. This can be bad. The mod_autoindex module automatically generates a listing of all directory content.
If a web client requests a resource that’s not available in the directory, all the content in the directory will be listed instead.
Apache2 main global configuration file is highlighted below.
And the section of the settings that deal with listing directory in Apahce2 default root directory is this:
<Directory /var/www/> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory>
To disable directory listing, edit the setting to this:
<Directory /var/www/> Options FollowSymLinks AllowOverride None Require all granted </Directory>
Save the file and restart Apache2 to load the new configuration settings.
If you want to save time, just run the commands below to make the same change above. This one-line command will edit the configuration file and remove the word Indexes from the Options line.
sudo sed -i "s/Options Indexes FollowSymLinks/Options FollowSymLinks/" /etc/apache2/apache2.conf
Save the file and restart Apache2 and you’re done.
This post shows you how to install Apache2 and disable the directory listing in Ubuntu 17.04. Directory listing is a feature in Apache2 that automatically list directories when no files can be found in the directory.
This can lead to exposing sensitive information about a directory when this feature is enabled. It’s recommended to also disable it when running a public-facing website.