Directory indexing
When a user requests an URL like http://www.example.com/
, with no filename specification, Apache will look for the file specified by the DirectoryIndex
setting (for example index.html
). If this file is found, it is served to the user. If it doesn't exist, what happens next is determined by whether the Apache option called Indexes
is enabled or not.
The Indexes
option can be enabled for a directory in the following way:
<Directory /home/www/example> Options +Indexes </Directory>
If the Indexes
option is active then Apache will generate a directory listing and display it to the user if the default DirectoryIndex
file is not found. This listing contains the names of all files and sub-directories in the requested directory, and this can be a problem for several reasons:
Files that were never meant to be publicly disclosed can be requested by the user, even if they are not linked from anywhere
Names of subdirectories are displayed, and again this may lead to the user...