Posted by: Hartoto | 02/24/2013

Cara Mematikan Modul Auto Index

Modul autoindex di apache memang mempermudah user dalam melihat file-file melalui web base. Tetapi dari sisi keamanan, modul ini justru membahayakan. Lho kok bisa? Ya, karena jika ini dibiarkan, semua orang akan mengetahui struktur direktori kita. Sebelum lebih jauh melangkah, saya akn kutip dari laman aslinya apache tentang “sesuatu” bernama autoindex:


AUTOINDEX:    Generates directory indexes, automatically, similar to the Unix ls command or the Win32 dir shell command

The index of a directory can come from one of two sources:

  • A file written by the user, typically called index.html. The DirectoryIndex directive sets the name of this file. This is controlled by mod_dir.
  • Otherwise, a listing generated by the server. The other directives control the format of this listing. The AddIcon, AddIconByEncoding and AddIconByType are used to set a list of icons to display for various file types; for each file listed, the first icon listed that matches the file is displayed. These are controlled by mod_autoindex.

The two functions are separated so that you can completely remove (or replace) automatic index generation should you want to.
Automatic index generation is enabled with using Options +Indexes. See the Options directive for more details.
If the FancyIndexing option is given with the IndexOptions directive, the column headers are links that control the order of the display. If you select a header link, the listing will be regenerated, sorted by the values in that column. Selecting the same header repeatedly toggles between ascending and descending order. These column header links are suppressed with IndexOptions directive’s SuppressColumnSorting option.

Note that when the display is sorted by “Size”, it’s the actual size of the files that’s used, not the displayed value – so a 1010-byte file will always be displayed before a 1011-byte file (if in ascending order) even though they both are shown as “1K”.


Nah bagaimana cara mudah untuk mematikan modul auto index. dalam kasus ini saya menggunakan OS Linux server. caranya sangat mudah:

# echo autoindex | a2dismod
# /etc/init.d/apache2 restart
Mudah bukan?

Responses

  1. very nice


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: