Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Kobus on February 26, 2005, 01:11:20 AM

Title: Disabling Directory Browsing
Post by: Kobus on February 26, 2005, 01:11:20 AM

Hi all

I have searched the forums and am unable to find a solution. I did find one forum which ended rather abruptly with no answer.

Can anyone please tell me how to diable http directory browsing. I also have e-smith-modindex-0.0.5-2 installed. Is this the problem and if so how do I get rid of it?

Thanks in advance.

Title: Re: Disabling Directory Browsing
Post by: Kobus on February 26, 2005, 12:51:20 PM

Quote from: "kbensch"

Hi all

I have searched the forums and am unable to find a solution. I did find one forum which ended rather abruptly with no answer.

Can anyone please tell me how to diable http directory browsing. I also have e-smith-modindex-0.0.5-2 installed. Is this the problem and if so how do I get rid of it?

Thanks in advance.

Not too worry guys i sorted this. all secure now

Title: Disabling Directory Browsing
Post by: WEBlance on February 26, 2005, 06:27:20 PM

What did You do? It might be that others can use Your experience!

Title: Disabling Directory Browsing
Post by: Kobus on February 26, 2005, 08:41:55 PM

Quote from: "WEBlance"

What did You do? It might be that others can use Your experience!

Oh ok here is what I did:
I have e-smith-modindex-0.0.5-2 as one of the e-smith modules and found that that is part of the problem.

to get around directory indexing I copied
/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays
to
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays

I then made the following change:

FROM

my $dynamicContent = $properties{'CgiBin'} || "disabled";
        $OUT .= "\n";
        $OUT .= "#------------------------------------------------------------\n";
        $OUT .= "# $key ibay directories ($properties{'Name'})\n";
        $OUT .= "#------------------------------------------------------------\n";

        $OUT .= "\n";
        $OUT .= "<Directory /home/e-smith/files/ibays/$key/html>\n";
        $OUT .= "    Options +Indexes\n";
        if ($dynamicContent eq 'enabled')
        {
            $OUT .= "    Options +Includes\n";
        }

TO

my $dynamicContent = $properties{'CgiBin'} || "disabled";
        $OUT .= "\n";
        $OUT .= "#------------------------------------------------------------\n";
        $OUT .= "# $key ibay directories ($properties{'Name'})\n";
        $OUT .= "#------------------------------------------------------------\n";

        $OUT .= "\n";
        $OUT .= "<Directory /home/e-smith/files/ibays/$key/html>\n";
        $OUT .= "    Options -Indexes\n";
        if ($dynamicContent eq 'enabled')
        {
            $OUT .= "    Options +Includes\n";
        }

The only real change in this section is from Options +Indexes to Options -Indexes

I also had to disable the e-smith-modindex-0.0.5-2 module by doing this:
copied /etc/e-smith/templates/etc/httpd/conf/httpd.conf/86ModIndex to /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/86ModIndex and hashed # all the lines in this file.

then ran /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf

then /etc/init.d/httpd graceful and that got rid of and secured my server and all websites.

I do have one site that still requires directory browsing, but for now I have just changed the httpd.conf directly and restarted httpd. once I have a solution for that I will post it here.

I was thinking about adding an if statement that reads a file, but am at the moment just happy that my solution works. Will spend more time on it later.

Hope this helps.