2008-03-23

【Apache】Indexes 目錄列表

在架完 Apache Server 時,預設找不到 link(連結) 時會列出該連結下所有的目錄。有時列出所有的檔案及目錄是不安全的。像凍仁剛架起來的 web 會顯示下圖這樣的訊息.. 這樣不管放啥東西在上面都會被看光光啦XD

1. 刪除 /etc/apache2/sites-available/default 中的 Indexes 來停用目錄列表之功能
1 NameVirtualHost *
2 <VirtualHost *>
3  ServerAdmin webmaster@localhost
4  DocumentRoot /var/www/
5  <Directory />
6    Options FollowSymLinks
7    AllowOverride None
8  </Directory>
9  <Directory /var/www/>
10    Options Indexes FollowSymLinks MultiViews
11    AllowOverride None
12    Order allow,deny
13    allow from all
14    # This directive allows us to have apache2's default start page
15    # in /apache2-default/, but still have / go to the right place
16    #RedirectMatch ^/$ /apache2-default/
17  </Directory>
18
19  ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
20  <Directory "/usr/lib/cgi-bin">
21    AllowOverride None
22    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
23    Order allow,deny
24    Allow from all
25  </Directory>
26
27  ErrorLog /var/log/apache2/error.log
28
29  # Possible values include: debug, info, notice, warn, error, crit,
30  # alert, emerg.
31  LogLevel warn
32
33  CustomLog /var/log/apache2/access.log combined
34  ServerSignature On
35
36  Alias /doc/ "/usr/share/doc/"
37  <Directory "/usr/share/doc/">
38    Options Indexes MultiViews FollowSymLinks
39    AllowOverride None
40    Order deny,allow
41    Deny from all
42    Allow from 127.0.0.0/255.0.0.0 ::1/128
43  </Directory>
44
45 </VirtualHost>


2. 重新啟動 apache2
jonny@ubuntu:~$ sudo /etc/init.d/apache2 restart


完成後當 address 錯誤時,會顯示無權限開啟的訊息

相關連結:
紅.攝.情.感. Red maple’s note - Apache 如何關閉目錄列表
鳥哥 - httpd.conf 的基本設定