Disable Directory Listing on apache2

As some of you may (or may not) know, by default apache2 allows something called “Directory Listing”. Essentially what this means is that when you visit your web server, if you browse to a directory within your www folder that does not contain an index page (index.php, index.htm, index.html, etc.), apache2 will actually spit out (or list) the entire contents of that folder. This should be a concern for anyone running a production server, and unless there is a specific need for directory listingĀ its always a good idea to disable it. There is tonnes of different opinions on whether or not its a security issue to leave it enabled, and to this I have to say to each their own. Personally I feel it is a security risk, but at best disabling it is simply security by obscurity.

continue reading