What is apache autoindex and should I disable it?

About

Asked 26/2, 2015 at 20:15 Answered 26/2, 2015 at 20:18

Solved security pci-compliance mod-autoindex

I have a 3rd party client who did a PCI scan on their site. The report returned this:

web server autoindex enabled

What is this and is it safe to disable it? Does anyone know the safest way to disable it, and how I can check it has been disabled?

Ravage answered 26/2, 2015 at 20:15 Comment(0)

autoindex generates directory indexes, automatically, similar to the Unix ls command or the Win32 dir shell command. From:

http://httpd.apache.org/docs/2.2/mod/mod_autoindex.html

You'd comment out the line in your conf/http.conf that references mod_autoindex, and restart/reload the service.

The only reason you'd want this is if you want people browsing your web directories (eg, stripping off a resource, and navigating to the parent dir).

Irritative answered 26/2, 2015 at 20:18 Comment(2)

Under Debian/Ubuntu, just type sudo a2dismod autoindex – Godly 19/9, 2016 at 9:39

@OrtomalaLokni Running your command will respond with the somewhat scary message "This might result in unexpected behavior and should NOT be done unless you know exactly what you are doing!". As far as I can tell, there's no drawback in disabling the module (if you don't need directory listing that is). Thus, to get done with the task, simply force the disabling with sudo a2dismod -f autoindex. – Olimpiaolin 22/3, 2022 at 10:56

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags