Linux Security: Disabling directory browsing in the apache config

An important task, or “must-do” when you are setting up a secure apache web server is to disable directory browsing.

Usually apache has this feature enabled, however it’s important to disable this unless it is definitely required.

Steps:

1. Find the location of the main apache config file httpd.conf

Typically this file will be located in a path like: /etc/apache/httpd.conf.

2. Edit this file using a text editor.

You will need root access to your Linux/Unix system in order to do this edit task.

Using your text editor, (eg gedit, vim or nano),  open httpd.conf and find the line that contains the following:

Options Includes Indexes FollowSymLinks MultiViews

then remove the word Indexes, then save the file.

The line should now appear like this:

Options Includes FollowSymLinks MultiViews

3. Restart the Apache web server.

Use the following command:

apache restart 

(e.g. /etc/init.d/apache restart),

or,      service httpd restart