Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: pizzaco on October 24, 2011, 05:00:10 PM

Title: Disable index listing of Apache "icons" folder
Post by: pizzaco on October 24, 2011, 05:00:10 PM
The nature of our business requires a quarterly security scan. Our scanning vendor discovered that mydomain.com/icons/ is returning an index listing. Although indexing this folder probably isn't a vulnerability, I want to shut it off.

I think I can do this by creating a custom template to modify the Apache config file, but I only want to do that as a last resort.  Does anyone know of a "built-in" way to shut this off?

Thanks

Title: Re: Disable index listing of Apache "icons" folder
Post by: cactus on October 24, 2011, 06:43:17 PM
> I think I can do this by creating a custom template to modify the Apache config file, but I only want to do that as a last resort.  Does anyone know of a "built-in" way to shut this off?

There is no built-in way to shut this off. The custom-template route is the way to go; here is a simple way to set the "Options Indexes" to "Options -Indexes" in a custom-template.

Code:
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
sed -e 's/Indexes/\-Indexes/' \
< /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess10icons \
> /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/90e-smithAccess10icons
expand-template /etc/httpd/conf/httpd.conf
sv t httpd-e-smith
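
A check that can be run after the steps above to confirm that no `<Directory>` block still turns listings on. This is an added example, not part of the original post or of SME Server's tooling; the function names and the sample config are constructed, and on a server the input would be the expanded /etc/httpd/conf/httpd.conf.

```shell
#!/bin/sh
# Added example: list <Directory> blocks whose own Options line enables Indexes.
# It lints explicit per-block settings only; it does not model Apache's
# inheritance or merging of Options between blocks.

# indexes_enabled_dirs FILE -> prints one directory path per offending block
indexes_enabled_dirs() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        tolower($1) == "<directory" {             # opening tag: remember path
            dir = $2
            gsub(/[>"]/, "", dir)
            next
        }
        tolower($1) == "</directory>" { dir = ""; next }
        dir != "" && tolower($1) == "options" {
            for (i = 2; i <= NF; i++) {
                opt = tolower($i)
                # Indexes, +Indexes and All enable listings; -Indexes does not
                if (opt == "indexes" || opt == "+indexes" || opt == "all") {
                    print dir
                    break
                }
            }
        }
    ' "$1"
}

# Constructed sample (not SME Server's real httpd.conf): an icons block before
# and after the Indexes -> -Indexes substitution used in the post above.
write_samples() {
    cat > "$1/before.conf" <<'EOF'
<Directory "/var/www/icons">
    Options Indexes
    AllowOverride None
</Directory>
<Directory /var/www/html>
    Options FollowSymLinks
</Directory>
EOF
    sed -e 's/Indexes/\-Indexes/' "$1/before.conf" > "$1/after.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "listing enabled before: $(indexes_enabled_dirs "$tmp/before.conf")"
echo "listing enabled after:  $(indexes_enabled_dirs "$tmp/after.conf")"
rm -rf "$tmp"
```
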
Title: Re: Disable index listing of Apache "icons" folder
Post by: pizzaco on October 24, 2011, 09:47:49 PM
Thanks, cactus.  That did the trick.  I did have to add a single quote to the sed command and also collapse it back to one line.

Title: Re: Disable index listing of Apache "icons" folder
Post by: cactus on October 24, 2011, 10:17:47 PM
> I did have to add a single quote to the sed command and also collapse it back to one line.

Oops, it was missing a quote indeed, I fixed that. The multiline command should not be an issue normally, the trailing backslashes should allow the command to break over multiple lines. Are you sure the backslashes are the last token on the line?

Title: Re: Disable index listing of Apache "icons" folder
Post by: pizzaco on October 24, 2011, 10:23:51 PM
There was an extra trailing space after the first backslash. Didn't know to check for something like that. Thanks for the tip.

Title: Re: Disable index listing of Apache "icons" folder
Post by: cactus on October 24, 2011, 10:24:41 PM
> There was an extra trailing space after the first backslash. Didn't know to check for something like that. Thanks for the tip.

You're welcome, I have run into that in the past, scratching my head as well... :-D

Title: Re: Disable index listing of Apache "icons" folder
Post by: CharlieBrady on October 24, 2011, 10:28:20 PM
> Does anyone know of a "built-in" way to shut this off?

Yes, raise the issue via the bug tracker, and wait for the issue to be addressed via an update in the distribution.

The other way is a custom template. You should do both.

Title: Re: Disable index listing of Apache "icons" folder
Post by: pizzaco on October 24, 2011, 10:45:37 PM
Opened a bug:

http://bugs.contribs.org/show_bug.cgi?id=6769