I was wondering how to find out whether my Apache installation is using the autoindexing feature of Apache. how can I reliably tell, whether it is on, and how can I disable it?
Ah, thank you. I've found several instances of Code: Options Indexes Can I just go ahead and change all to Code: Options -Indexes ? For instance, in /usr/share/apache/icons? I did a Nikto scan before, and it complained about Directory Indexing there. Edit: After studying apache2.conf, I've found that ISPConfig has set Option -Indexes in all relevant directories for me, awesome! Only question now is whether /icons can do with the same treatment, or whether I can screw up something by changing the option. Anyone know?
Yes of cause you should do that if you dont want indexing at all. The icons are accessed by name so there is no need for directory indexing in that.
By the way are you doing that because of the recent vulnerability in the autoindex module ? Has it not been fixed with the most recent release ?
I'm doing it for no specific reason, just trying to go for a minimum of information disclosure. This setup is a sort of laboratory experiment in server security for private use.
