[solved] Apache mod_userdir overrides "Options -Indexes" ??

2 posts / 0 new

Topic locked

Last post

#1 Fri, 10/08/2010 - 22:09

haydent

[solved] Apache mod_userdir overrides "Options -Indexes" ??

for starters i have Options -Indexes set (as default) for all domains

so if i access domain.com/ (and theres no index.php) i get 403 forbidden, thats good for security

but with mod_userdir enabled (i like it) if i access

server.com/~user/ - i get a directory listing for domain.com ...

its not too secure as result as my username are my domain names... any work around to prevent the directory listing overide by mod_userdir ??

#2 Sat, 10/09/2010 - 03:07

haydent

oh well i worked it out myself:

just had to go into Webmin->Servers->Apache

edit most likely top virtual server:

"Default Server     Any     Any     Automatic   Automatic"

edit per directory option:

"Directory /home/*/public_html Directory"

click "show directives"

click "Manually Edit Directives" button

youll end up with the raw text:

            AllowOverride FileInfo AuthConfig Limit Indexes
            Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
            <Limit GET POST OPTIONS>
                    Order allow,deny
                    Allow from all
            </Limit>
            <LimitExcept GET POST OPTIONS>
                    Order deny,allow
                    Deny from all
            </LimitExcept>

edit this line:

Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

change to:

Options MultiViews -Indexes SymLinksIfOwnerMatch IncludesNoExec

Save, and restart Apache.

Topic locked