Disable directory indexes server wide

By default Apache’s DirectoryIndexes value is turned on server wide. This allows the files in a folder to be viewed via a directory index when there is no index file present in that directory.

If you happen to have read our previous article on how to pass PCI compliance scans, leaving DirectoryIndexes on is a common way to fail a PCI scan. In this article we’ll walk you through disabling this server wide on your server, please note that this would require root access to your server.

  1. Log into WHM
  2. In the top-left Find box enter in Apache, then click on Apache Configuration.
    whm-click-on-apache-configuration
  3. Click on Global Configuration.
    whm-click-on-apache-global-configuration
  4. Scroll down to the Directory “/” Options section, then un-check Indexes.
    whm-un-check-apache-indexes

  5. Scroll down to the bottom of the page and click on Save.
  6. Finally click on Rebuild Configuration and Restart Apache, Apache can take up to a few minutes to rebuild and during this time your websites won’t respond to requests.
    whm-click-on-rebuild-configuration

  7. You should see that Apache was successfully restarted now.
    whm-apache-successfully-restarted

  8. Now when you try to browse to a directory that doesn’t have an index file, you’ll receive an error instead of a directory listing.
    directory-listing-on-example

    directory-listing-off-example


You should now know how to disable Apache’s DirectoryIndex setting server wide on your server. This can help increase security by ensuring a directory that doesn’t include an index file isn’t exposing any other possibly sensitive files.

Leave a Reply