As some of you may (or may not) know, by default apache2 allows something called “Directory Listing”. Essentially what this means is that when you visit your web server, if you browse to a directory within your www folder that does not contain an index page (index.php, index.htm, index.html, etc.), apache2 will actually spit out (or list) the entire contents of that folder. This should be a concern for anyone running a production server, and unless there is a specific need for directory listing its always a good idea to disable it. There is tonnes of different opinions on whether or not its a security issue to leave it enabled, and to this I have to say to each their own. Personally I feel it is a security risk, but at best disabling it is simply security by obscurity.