I have a 3rd party client who did a PCI scan on their site. The report returned this:
web server autoindex enabled
What is this and is it safe to disable it? Does anyone know the safest way to disable it, and how I can check it has been disabled?
What is apache autoindex and should I disable it?
27.5k Views Asked by symlink At
1
There are 1 best solutions below
Related Questions in SECURITY
- HTTPS configuration in Spring Boot, server returning timeout
- HSM ZKA control mask values
- OWASP Amass Subcommands
- Is there a need for BPF Linux namespace?
- Error when trying to execute a binary compiled in a Kali Linux machine on an Ubuntu system
- When sanitize/encode while implementing tags system like on SO
- spring security version in spring-boot-starter-security
- I am currently trying to implement a rudimentary firewall from a video I watched but the nimda worm detection is not working and i do not know why?
- Is it possible for `sudo` to fail temporarily with the correct password? Hacking suspected
- Is it viable proxying all my mobile apps requests, to some kind knowing that a request is coming from a secure source
- What abilities should I concentrate on while bug hunting, and how can I improve the quality of my bug bounty reports?
- System.ArgumentOutOfRangeException: I passed this error in every single program
- How to prevent users from creating custom client apps?
- Does server-side content security policy exist for youtube video player API, app, mod apks and website?
- Can we pass a hostname/IP address as a query string in a GET request in REST API
Related Questions in PCI-COMPLIANCE
- Can I send encrypted Credit Card data to my non-PCI server for sending it to a PCI Credit Card Service? WITHOUT STORING THE DATA ON MY SERVER
- GKE & PCI DSS ASV Scans
- Credit card validation with Auth.net meeting PCI compliance
- is it possible to create a payment profile and a customer profile, using api, but in compliance with the pci compliance regulations?
- CVE-2021-38628 in nodeJs
- has anyone undergone certification of PCI-DSS using general purpose HSM (and not payshield)?
- Is it PCI compliant to create PaymentIntent directly from my Flutter app?
- PCI DSS Compliance when extracting data for analysis
- Masking Card Data Using log4j2
- Objective of PCI DSS 3.4 is only for physical theft of disk?
- Braintree how to use stored credit card for payments
- Displaying Credit Cards on User Profile
- GCP compliance manager - are there API to download reports?
- Tenable Nessus to approve PCI DSS: Microsoft ASP.NET MS-DOS Device Name DoS (PCI-DSS check)
- How do I perform a security scan on an Angular 7 app?
Related Questions in MOD-AUTOINDEX
- Enable or disable LastModified column in apache mod_autoindex with fancyindex
- Nginx 403 on autoindex directory
- How to play a .ts file in Edge browser with Apache2
- How to control mod_autoindex header to insert <meta> tags?
- Apache AutoIndex and Python PEP 503
- NGINX 403 error with autoindex
- Set IndexIgnore inside httpd.conf
- Different "last modified" date format on Apache 2.4 with mod_autoindex
- Apache directory listing - force show files first (in the same way as FoldersFirst)
- Apache2 mod autoindex does not read .php
- Customize Apache index pages with messages
- Remove Last Modified and Size From mod_autoindex
- Single theme folder for mod_autoindex with virtualhost
- Can Apache be configured to allow JS in browser to get server directory contents?
- PHP How To Use My Pagination Name On My Site Title
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
autoindex generates directory indexes, automatically, similar to the Unix
lscommand or the Win32dirshell command. From:http://httpd.apache.org/docs/2.2/mod/mod_autoindex.html
You'd comment out the line in your
conf/http.confthat referencesmod_autoindex, and restart/reload the service.The only reason you'd want this is if you want people browsing your web directories (eg, stripping off a resource, and navigating to the parent dir).