问题
I recently ran some penetration testing software on my web site and was surprised for it to report that one of my directory listings was publicly accessible.
It is the directory of the root user which is available.
http://www.example.com/~root/
Results in this page content:
Index of /~root
* Parent Directory
* cgi-bin/
Platform: I am creating PHP websites, with Symfony on Linux with Apache.
Is this something that I can configure through Apache?
回答1:
You could create a .htaccess file in that directory, or have a <directory>...</directory> block in your Apache configuration that specifies:
Options -Indexes
See the Apache options directive documentation for more details.
回答2:
There is a command in Apache that will make it show indexes.
Options +Indexes
Remove this, restart. This will make that url show a 403 Forbidden.
来源:https://stackoverflow.com/questions/1845981/how-to-stop-apache-from-listing-the-contents-of-my-user-directories