Physical Address

304 North Cardinal St.
Dorchester Center, MA 02124

Directory Listing for URL is always enabled / always showing

A security scan on one of our servers recently revealed that directory listing was enabled for a particular URL: We have configured our webservers to globally disable directory listing so this stumped us. We revisited our Apache httpd.conf, tweaked a couple of settings but it still wouldn’t disable. We google around to find an article by Plesk.

According to this article, Apache will, by default, always enable directory listing for the URL /icons. To disable this you will need to remove the autoindex.conf file from /etc/httpd/conf.d (on CentOS). To verify this issue the following:

# apachectl -M | grep autoindex
 autoindex_module (shared)

Restart Apache and listing should be disabled now.