Rootop 服务器运维与web架构

禁止apache列出目录内容

        如果网站根目录下有一个test的文件夹,里面有网页页面,如果test文件夹下没有系统定义的默认页面,当用户访问网站test目录的话,Apache会把test文件夹里的内容全列出来。这样是不安全的。

要禁止此功能,修改httpd.conf,找到下面这一句删除掉Indexes即可。

Options Indexes FollowSymLinks

配置示例:

<Directory “/usr/local/apache/htdocs”>
    #
    # Possible values for the Options directive are “None”, “All”,
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that “MultiViews” must be named *explicitly* — “Options All”
    # doesn’t give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    #Options Indexes FollowSymLinks

      Options FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be “All”, “None”, or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride All

    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all

</Directory>

原创文章,转载请注明。本文链接地址: https://www.rootop.org/pages/1239.html

作者:Venus

服务器运维与性能优化

评论已关闭。