On Wed, 2012-08-08 at 12:42 +0530, Kaushal Shriyan wrote:

> Hi,
> 
> What are the best practices followed to disable directory listing. Any
> pros and cons using .htacess file or any fool proof method to
> implement which takes care of security issues.
> Please help me understand.
> 


Well, I assume you are using the latest stable version of httpd, 2.4.2
so the minimum would be

<Directory />
    AllowOverride None
    Options None
    Require all denied
</Directory>

then assuming your websites are under /var/www

DocumentRoot "/var/www/html"

<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>

Then, lets say you are using virtual hosts

<Directory /var/www/vhost/somedomain/www/html>
                AllowOverride AuthConfig
</Directory>
This above allows users to use .htaccess files, you introduce this at
the highest web access directory per vhost
you could, but it is very bad practise and more resource intense to put
this command in the /var/www/ example.

Please note, we are here to help, not hold your hand, if you had spent a
few minutes on google, you would have got this information much earlier.

And although not perfect, if you are using php, there are more tighter
restrictions you can apply depending on how you implement them, none of
these php restricting actions are fool proof and dont let any fanboy
tell you otherwise, each has its advantages and dis-advantages.

Npw after you have done your homework with google as your new best
friend, and he cant help you with a very specific question, plce another
request here,  people on any mailing list, have short patience levels
for tose that do not help themselves and expect everyone else to do it
all for them.

Enjoy.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to