Web Server Security task marked failed!

Dear @Inderpreet @kodekloud-support3

Please check, I am sure I got this one right.

The task had two parts on stapp01,

  1. The first one is to disable the Apache Server from exposing its version and OS of the server to any remote client connecting to Apache. - This worked with no error/issue.

  2. To disable directory listing of the web site root ie /var/www/html/blog

My steps to the solution
a. Changed the AllowOverride None to AllowOverride All in /etc/httpd/conf/httpd.conf
b. Created the .htaccess file on /var/www/html/blog directory
c. Added the line “Options -Indexes” without quotations in .htaccess file.
d. Restarted the Apache service
e. Verified the Apache service to be running.

I am getting an error saying directory is not disabled!

Regards,
Salim Rashid

Hi,

Can some one responded please @Inderpreet @kodekloud-support3

Thanks.

Hi @Salim

Please note that you changed AllowOverride None to AllowOverride All for <Directory "/var/www">

<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory> 

Since default document root i.e <Directory "/var/www/html"> do have its own section to manage these settings so you should have made these changes under <Directory "/var/www/html"> instead. Your htaccess changes were not considered at all.

I hope its clear to you now why this task failed for you.

Hi @Inderpreet

Thanks. Yes I understand the change is supposed to be on the document root. I am just asking my self why I changed the other directory :frowning_face: I think I’ll have to be more careful the next time I am editing the files.

1 Like

Don’t worry @Salim
Good luck for upcoming tasks.