for starters i have Options -Indexes set (as default) for all domains
so if i access domain.com/ (and theres no index.php) i get 403 forbidden, thats good for security
but with mod_userdir enabled (i like it) if i access
server.com/~user/ - i get a directory listing for domain.com …
its not too secure as result as my username are my domain names…
any work around to prevent the directory listing overide by mod_userdir ??
oh well i worked it out myself:
just had to go into Webmin->Servers->Apache
edit most likely top virtual server:
"Default Server Any Any Automatic Automatic"
edit per directory option:
“Directory /home/*/public_html Directory”
click “show directives”
click “Manually Edit Directives” button
youll end up with the raw text:
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
edit this line:
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
change to:
Options MultiViews -Indexes SymLinksIfOwnerMatch IncludesNoExec
Save, and restart Apache.