Qadry
unixcop Admin

How to Turn Off directory browsing on Apache and Nginx

Introduction

The directory content listing enabled by default when you install Apache web server, This may_be a desirable features in some scenarios, but it’s a potential security hole in others. It’s easy enough to turn this setting on or off for each website (virtual host) that you have set up.

In this guide, we’ll show you how to turn off directory browsing on Apache & Nginx web servers.

Disable the content listing on Apache

By default, content listing enabled. This means if you upload files to a directory, it will_be listed too as shown in the below screenshot

 Disabling the directory listing will make it harder for attackers to learn of your site’s directory structure and find sensitive files.

So, open the virtual host configuration file or the main configuration file of Apache according to your site confs files.

vim /etc/httpd/conf/httpd.conf

Then make the (Options) directive refers to -Indexes and (AllowOverride) to None as shown below

Save your changes to the file. Then restart Apache.

systemctl restart httpd

Now go to your path that contains the listing of your contents as shown below, You will get 403 forbidden error.

Disable the content listing on Nginx

Directory listing disabled by default on the Nginx configuration file.

However, it is possible to disable directory listing if it was enabled. The Nginx parameter autoindex is used together with the location segment to enable or disable the directory listing feature as shown below.

In this section, the determinant parameter is autoindex on.

In the above example, the directory listing configured only for the somedir directory. If no directory specified (e.g. location / {autoindex on;}), the rule will_be applied to all the folders.

Do not forget to run the below command in order for changes to go into effect:

systemctl restart nginx

Now the indexing is on for our example, so I will get access to all contents of the directory as shown below.

To disable directory listing, we need to switch the value of the autoindex to off.

Conclusion

In this guide, we shew you how to disable directory content listing in Apache and Nginx web servers. 

Thanks.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest articles

x