I ran Nikto over my site and it showed that mysite.com/icons/ gave a directory listing, so does…
…how do we disable that?
.htaccess and use this “Options All -Indexes”
Sorry i’m stupid this morning, blame lack of first morning coffee. Didnt notice that icons are from apache so this is what you need to do on Centos:
- go to /etc/httpd/conf.d
- nano autoindex.conf (or any other editor)
- find line something like this “Options Indexes MultiViews FollowSymlinks”
- delete Indexes
- restart apache
- no more indexing (you will get 403)
Not sure for other OS but i think it should be the same.
Thanks Diabolico,
The listing results from an alias of the apache /icons/ folder - I “fixed” it by editing my httpd.conf file so it now contains…
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/html"
# New stuff \#
Alias /icons/ /user/www/icons/
<Directory "/var/www/icons">
Options -Indexes +MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
#end of new stuff