[solved] Apache mod_userdir overrides "Options -Indexes" ??

2 posts / 0 new
Last post
#1 Fri, 10/08/2010 - 22:09
haydent

[solved] Apache mod_userdir overrides "Options -Indexes" ??

for starters i have Options -Indexes set (as default) for all domains

so if i access domain.com/ (and theres no index.php) i get 403 forbidden, thats good for security

but with mod_userdir enabled (i like it) if i access

server.com/~user/ - i get a directory listing for domain.com ...

its not too secure as result as my username are my domain names... any work around to prevent the directory listing overide by mod_userdir ??

Sat, 10/09/2010 - 03:07
haydent

oh well i worked it out myself:

just had to go into Webmin->Servers->Apache

edit most likely top virtual server:

"Default Server Any Any Automatic Automatic"

edit per directory option:

"Directory /home/*/public_html Directory"

click "show directives"

click "Manually Edit Directives" button

youll end up with the raw text:

AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec <Limit GET POST OPTIONS> Order allow,deny Allow from all </Limit> <LimitExcept GET POST OPTIONS> Order deny,allow Deny from all </LimitExcept>

edit this line:

Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

change to:

Options MultiViews -Indexes SymLinksIfOwnerMatch IncludesNoExec

Save, and restart Apache.