Posted on

Disable directory indexes server wide

Leaving DirectoryIndexes on is a common way to fail a PCI scan. In this article we’ll walk you through disabling this server wide on your server, please note that this would require root access to your server.

  1. Log into WHM
  2. In the top-left Find box enter in Apache, then click on Apache Configuration.
    whm-click-on-apache-configuration
  3. Click on Global Configuration.
    whm-click-on-apache-global-configuration
  4. Scroll down to the Directory “/” Options section, then un-check Indexes.
    whm-un-check-apache-indexes
  5. Scroll down to the bottom of the page and click on Save.
  6. Finally click on Rebuild Configuration and Restart Apache, Apache can take up to a few minutes to rebuild and during this time your websites won’t respond to requests.
    whm-click-on-rebuild-configuration
  7. You should see that Apache was successfully restarted now.
    whm-apache-successfully-restarted
  8. Now when you try to browse to a directory that doesn’t have an index file, you’ll receive an error instead of a directory listing.
    directory-listing-on-exampledirectory-listing-off-example

 

You should now know how to disable Apache’s DirectoryIndex setting server wide on your server. This can help increase security by ensuring a directory that doesn’t include an index file isn’t exposing any other possibly sensitive files.