By default Apache’s DirectoryIndexes value is turned on server wide. This allows the files in a folder to be viewed via a directory index when there is no index file present in that directory.
Leaving DirectoryIndexes on is a common way to fail a PCI scan. In this article we’ll walk you through disabling this server wide on your server, please note that this would require root access to your server.
- Log into WHM
- In the top-left Find box enter in Apache, then click on Apache Configuration.
- Click on Global Configuration.
- Scroll down to the Directory “/” Options section, then un-check Indexes.
- Scroll down to the bottom of the page and click on Save.
- Finally click on Rebuild Configuration and Restart Apache, Apache can take up to a few minutes to rebuild and during this time your websites won’t respond to requests.
- You should see that Apache was successfully restarted now.
- Now when you try to browse to a directory that doesn’t have an index file, you’ll receive an error instead of a directory listing.
You should now know how to disable Apache’s DirectoryIndex setting server wide on your server. This can help increase security by ensuring a directory that doesn’t include an index file isn’t exposing any other possibly sensitive files.