2009年11月

(转)禁止Apache列出目录内容

默认情况下,Apache服务器会列出网站目录中的文件及子目录,这对于用于发布站点的服务器来说是很不安全的,所以需要禁用,修改httpd.conf配置文件中的对应设置即可。

问题的现象:

如果你的网站目录下有一个xxx的文件夹,如果xxx文件夹下没有默认页面(index.*等),当用户使用URL:http://你的网址/a/ 访问你的网站的话,Apache会把xxx文件夹里的内容全列出来。

解决方法:

要禁止此功能,修改httpd.conf
找到下面这一句删除掉Indexes即可。

Options Indexes FollowSymLinks

配置示例:

<Directory "E:/Program Files/Apache Software Foundation/Apache2.2/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important. Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    # 就是这一行,只去掉indexes也可
    #Options Indexes FollowSymLinks
   Options FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all

</Directory>

建议默认情况下,设置APACHE禁止用户浏览目录内容。