31

I need to disable that indexing when I enter on my root directory on a apache2 server, any tips?

Lucas Famelli
  • 1,565
  • 2
  • 15
  • 23

6 Answers6

49

Edit your apache2 configuration file which normally is on the dir: "/etc/apache2/httpd.conf".

Add the following or edit if your already have some configurations for the default web server dir (/var/www):

 <Directory /var/www>
   Options -Indexes
   AllowOverride All
   Order allow,deny
   Allow from all
 </Directory>

This will disable the indexing to all the public directories.

joruro
  • 827
  • 1
  • 6
  • 10
  • 9
    In Ubuntu (and, supposedly, Debian) that's `/etc/apache2/apache2.conf`. Since Apache structure varies from distribution to distribution, I suggest searching for it with `grep -r "Directory /var/www" /etc/apache2`. – Jonathan Y. May 19 '16 at 17:50
  • AllowOverride All and Order and Allow is irrelevant for this. Also, the directives are outdated. See https://httpd.apache.org/docs/2.4/upgrading.html#run-time – Sybille Peters Jul 21 '22 at 00:26
28

Usually done like this:

Options -Indexes

The minus means "no"...

AJ.
  • 27,586
  • 18
  • 84
  • 94
15

If it's only one directory that you want to protect from viewing contents, you can also just add an index.html or index.php that will show whenever someone browses to that directory.

NoBugs
  • 9,310
  • 13
  • 80
  • 146
6

sudo nano /etc/apache2/apache2.conf

Located this section <Directory /var/www/> in the file

Add a minus to Indexes (Denied)

Add a plus to FollowSymLinks

Result : <Directory /var/www/> Options -Indexes +FollowSymLinks AllowOverride None Require all granted </Directory>

Works in Raspbian

You'll get the message : "You don't have permission to access "Directory" on this server."

BurnQc
  • 61
  • 1
  • 2
  • FYI: by disabling the Indexes , you get message "You don't have permission to access this resource.", 403 error. – klor Aug 18 '21 at 17:14
6

If you have the a2dismod utility on your distro you can remove the module entirely if you don't need directory indexes at all:

sudo a2dismod --force autoindex

Use the --force or -f flag to avoid the following warning:

WARNING: The following essential module will be disabled.                                                                                                                   
This might result in unexpected behavior and should NOT be done                                                                                                             
unless you know exactly what you are doing!                                                                                                                                 
 autoindex                                                                                                                                                                  
                                                                                                                                                                            
To continue type in the phrase 'Yes, do as I say!' or retry by passing '-f': Yes, do as I say!                                                                              
Module autoindex disabled.                                                                                                                                                  
To activate the new configuration, you need to run:                                                                                                                         
  systemctl restart apache2

Here are the docs for mod_autoindex

kjones
  • 1,339
  • 1
  • 13
  • 28
  • FYI: by disabling the autoindex, you get message "The requested URL was not found on this server.", 404 error. – klor Aug 18 '21 at 17:12
2

Make sure that you also add -Indexes to the config files in your sites-enabled (or sites-available as it was in my case) directory, they're usually inside the "/etc/apache2/" directory.

Garrick
  • 21
  • 2