Web Server Security task marked failed!

selvag · August 7, 2020, 5:16am

sudo systemctl start httpd

sudo systemctl status httpd

Added below 2 lines end of config file : /etc/httpd/conf/httpd.conf

ServerTokens Prod
ServerSignature Off

Modified below details in config file

<Directory “/var/www/html”>
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted

sudo systemctl restart httpd

Its worked for me.

NVKrishna · August 16, 2020, 12:55am

Got succeeded with above leads. Thanks devops503 and selvag.

bhargavmendapara115 · September 5, 2020, 2:30pm

Hi @Salim,

In your steps you forgot to include on how to hide apache version number.

For all - please refer below tutorials for this task.

Thanks,
Bhargav

bhargavmendapara115 · September 5, 2020, 2:31pm

Hi @Salim,

In your steps you forgot to include on how to hide apache version number.

For all - please refer below tutorials for this task.

Thanks,
Bhargav

praddasg · November 8, 2020, 10:07pm

Hello @Inderpreet @Tej-Singh-Rana, can you please help here to understand
I IONOS Cloud Documentation - Products to disable the directory listing)

Please suggest what is wrong. Is it because I have marked the directive AllowOverride as None. Should this be All?
As per Disable Apache Web Directory Listing Using .htaccess File, it says to create .htaccess file.
a. What is the difference between creating this file and updating the same details in httpd.conf file?
b. which path do I need to create .htaccess file?
c. Also how is there a way to verify if directory listing has been disabled?

Inderpreet · December 28, 2020, 8:02am

Hi @praddasg

AllowOverride All means you are allowing Apache to overwrite config settings for a particular directory location using .htaccess file. If you have set AllowOverride None then even if you keep .htaccess under that directory location it won’t be effective.
Whatever path is asked in the question to disable directory listing for e.g /var/www/html/
Lets say if apache document root is /var/www/html and you have disabled directory listing for /var/www/html/somedir then you can check in the browser by opening this URL http://<your-website>/somedir, it should not list the files/directories present under /var/www/html/somedir directory.

praddasg · February 15, 2021, 2:44am

Hi @Inderpreet @Tej-Singh-Rana
Is there any other way to verify if directory listing is indeed disabled using curl or any other command line utility?
The challenge here is, I am not able to verify using browser

Inderpreet · February 17, 2021, 5:46am

@praddasg

If you are seeing your data listed in the browser after accessing "http://“your-website”/somedir URL then directory listing isn’t disabled for this directory.

You can also use command line utility like elinks to test the same.

shawon10 · February 20, 2021, 1:25pm

Solution for beginners: Web Server Security Kodekloud

6stringsaber · March 22, 2021, 9:22am

For Tutorial/Solution. Content made for sole reason to help the community.

hardiku87 · August 16, 2021, 10:32am

it should be allowedoverride all not none