By default Apache's DirectoryIndexes value is turned on server wide. This allows the files in a folder to be viewed via a directory index when there is no index file present in that directory.

If you happen to have read our previous article on how to pass PCI compliance scans, leaving DirectoryIndexes on is a common way to fail a PCI scan. In this article we'll walk you through disabling this server wide on your server, please note that this would require root access to your server.

  1. Log into WHM
  2. In the top-left Find box enter in Apache, then click on Apache Configuration.
    whm-click-on-apache-configuration
  3. Click on Global Configuration.
    whm-click-on-apache-global-configuration
  4. Scroll down to the Directory "/" Options section, then un-check Indexes.
    whm-un-check-apache-indexes
  5. Scroll down to the bottom of the page and click on Save.
  6. Finally click on Rebuild Configuration and Restart Apache, Apache can take up to a few minutes to rebuild and during this time your websites won't respond to requests.
    whm-click-on-rebuild-configuration
  7. You should see that Apache was successfully restarted now.
    whm-apache-successfully-restarted
  8. Now when you try to browse to a directory that doesn't have an index file, you'll receive an error instead of a directory listing.
    directory-listing-on-exampledirectory-listing-off-example


You should now know how to disable Apache's DirectoryIndex setting server wide on your server. This can help increase security by ensuring a directory that doesn't include an index file isn't exposing any other possibly sensitive files.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Like this Article?

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

News / Announcements

WordPress wp-login.php brute force attack
Updated 2014-07-17 06:43 pm EST
Hits: 200897

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!