The default Apache will display the directory without a index.html entry in the current directory. Exposing the directory to the outside is very dangerous, the following actions prohibit Apache display directory, I hope the article will help you.
Go to Apache configuration file httpd.conf found:
The code is as follows |
Copy Code |
Options Indexes FollowSymLinks Modified to: Options FollowSymLinks |
In fact, indexes is removed, indexes indicates that the directory structure will be displayed if the current directory does not have index.html.
The code is as follows |
Copy Code |
1. Prohibit access to certain files/directories Add the Files option to control, such as not allowing access to the. inc extension file, to protect the PHP class library: <files ~ ". inc$" > Order Allow,deny Deny from all </Files> Prohibit access to certain specified directories: (regular match can be done with <DirectoryMatch>) <directory ~ "^/var/www/(. +/) *[0-9]{3}" > Order Allow,deny Deny from all </Directory> Prohibit by file matching, such as prohibiting all access to images: <filesmatch. (? i:gif|jpe?g|png) $> Order Allow,deny Deny from all </FilesMatch> Forbidden access for URL-relative paths: <Location/dir/> Order Allow,deny Deny from all </Location> |
Example configuration:
The code is as follows |
Copy Code |
<directory "E:/program files/apache software Foundation/apache2.2/htdocs" > # # Possible values for the Options directive is "None", "all", # or any combination of: # Indexes includes followsymlinks symlinksifownermatch execcgi multiviews # # Note that "MultiViews" must is named *explicitly*---"Options all" # doesn ' t give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.2/mod/core.html#options # for more information. # This is the line, only the indexes can be removed #Options Indexes FollowSymLinks Options FollowSymLinks # # AllowOverride Controls What directives is placed in. htaccess files. # It can be ' all ', ' None ', or any combination of the keywords: # Options FileInfo authconfig Limit # AllowOverride None # # Controls who can get stuff from the this server. # Order Allow,deny Allow from all </Directory> It is recommended to set Apache to prohibit users from browsing directory content by default. |
Apache settings prohibit access to the Site directory (directory list display file)