Mar 27 2009

Secure Open Directories

By default, most ISP-hosted Apache web server accounts do not prevent file indexing when a user navigates to a folder that has no default index page. Why is this bad? For starters, it gives anyone a quick and dirty method for determining your server/mod/plugin versions and install directory structure. Script Kiddie 101 stuff.

A quick and easy way to prevent casual file browsing is a short addition to the root .htaccess file:

# prevent directory browsing
Options -Indexes

Adding this option covers all subfolders under the root automatically. Highly recommended for WordPress installs due to the sheer volume of file and directory information located in a typical install.
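To check a site's files before and after the change, the following added example (not part of the original post) walks a local copy of the document root and reports every folder that has no index page and still inherits Indexes. It assumes the index file names listed in INDEX_FILES, that indexing is on by default as described above, and that the host honors Options lines in .htaccess; the sample tree in demo() is constructed.

```python
import os, re, tempfile

INDEX_FILES = ("index.html", "index.htm", "index.php")   # assumed DirectoryIndex names
OPTIONS_RE = re.compile(r"^\s*Options\s+(.+?)\s*$", re.IGNORECASE)

def indexes_setting(htaccess_path):
    """True/False if this .htaccess turns Indexes on/off, None if it is silent."""
    state = None
    with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = OPTIONS_RE.match(line)
            if not m:
                continue
            args = [a.lower() for a in m.group(1).split()]
            if all(a[0] in "+-" for a in args):       # relative form merges with parent
                if "+indexes" in args or "-indexes" in args:
                    state = "+indexes" in args
            else:                                      # absolute form replaces inherited options
                state = "indexes" in args or "all" in args
    return state

def listable_dirs(docroot, default_on=True):
    """Relative paths of directories that would be served as an auto-generated listing."""
    docroot = os.path.abspath(docroot)
    state, exposed = {}, []
    for path, _dirs, files in os.walk(docroot):        # top-down: parents are seen first
        on = default_on if path == docroot else state[os.path.dirname(path)]
        if ".htaccess" in files:
            local = indexes_setting(os.path.join(path, ".htaccess"))
            on = on if local is None else local
        state[path] = on
        if on and not any(f in files for f in INDEX_FILES):
            exposed.append(os.path.relpath(path, docroot))
    return sorted(exposed)

def demo():
    """Constructed sample tree: audit it before and after adding the root .htaccess."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("wp-content/uploads", "wp-content/plugins"):
            os.makedirs(os.path.join(root, d))
        for f in ("index.php", "wp-content/index.php"):
            open(os.path.join(root, f), "w").close()
        before = listable_dirs(root)
        with open(os.path.join(root, ".htaccess"), "w") as fh:
            fh.write("# prevent directory browsing\nOptions -Indexes\n")
        return before, listable_dirs(root)

if __name__ == "__main__":
    print(demo())
```

A subfolder .htaccess containing Options +Indexes, or an absolute Options line that names Indexes, turns listings back on for that subtree, which is why the check tracks the setting per folder rather than looking only at the root file.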
