A security scan on one of our servers recently revealed that directory listing was enabled for a particular URL: abc.com/icons/small. We have configured our webservers to globally disable directory listing so this stumped us. We revisited our Apache httpd.conf, tweaked a couple of settings but it still wouldn’t disable. We google around to find an article by Plesk.
According to this article, Apache will, by default, always enable directory listing for the URL /icons. To disable this you will need to remove the autoindex.conf file from /etc/httpd/conf.d (on CentOS). To verify this issue the following:
# apachectl -M | grep autoindex autoindex_module (shared)
Restart Apache and listing should be disabled now.