I have written a Flask app, which is running through Apache on a Docker-Container.
The flask app is vulnerable on purpose!
It is designed to teach students about Secure Coding.
To make the website even "weaker" I want Directory Listing be enabled, so it is possible to just browse through the servers files.
I have tried the following as config file for apache:
`<VirtualHost *:80>
ServerName 127.0.0.1
ServerAdmin webmaster@localhost
DocumentRoot /app
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /app>
Options Indexes followSymLinks
AllowOverride None
Require all granted
</Directory>
WSGIDaemonProcess app python-path=/app:/app/venv/lib/python3.10/site-packages
WSGIProcessGroup app
WSGIScriptAlias / /app/wsgi.py
</VirtualHost>`
But all i get is a "Not Found" reply, from the server when I try to e.g visit: http://localhost:8080/app
The flask app itself still works as intended.
I have also tried to run everything as a Proxy, but it seems that Flask has its own problems running with such a configuration, which I have also tried to fix but they did not seem to work yet.
I have also found this ARticle: Directory Listing issue with Apache/Flask
But i dont understand how to route specific files through apache instead of flask.