Apache httpd 目录列表禁用配置(options indexes)

Apache httpd服务器在缺省的情况下,开启了基于目录列表的访问,这是一个存在安全隐患的问题,因此可以关闭这个功能。在Apache 2.4的版本中,不在支持使用-indexes来配置,需要注释该功能。本文对此给出演示,供大家参考。

一、缺省情况目录列表可查看示例

当前环境

[root@centos7-web ~]# more /etc/redhat-release 
CentOS Linux release 7.2.1511 (Core) 

[root@centos7-web ~]# apachectl -v
Server version: Apache/2.4.6 (CentOS)
Server built:  Nov 19 2015 21:43:13

为站点添加index.html页面

# echo "This is a apache test index page" > /var/www/html/index.html
[root@centos7-web ~]# curl http://localhost
This is a apache test index page

移除index.html

[root@centos7-web ~]# mv /var/www/html/index.html /var/www/html/index.tmp

依旧可以访问,不过此时为apache的缺省欢迎页面

未分类

移除apache欢迎页面

[root@centos7-web ~]# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.bk  
[root@centos7-web ~]# cp /usr/share/backgrounds/* /var/www/html/.

未分类

[root@centos7-web ~]# grep -Ev "^$|^#|*#" /etc/httpd/conf/httpd.conf >/etc/httpd/conf/httpd.conf.tmp
[root@centos7-web ~]# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.1106 
[root@centos7-web ~]# mv /etc/httpd/conf/httpd.conf.tmp /etc/httpd/conf/httpd.conf
mv: overwrite ‘/etc/httpd/conf/httpd.conf’? yes

二、关闭options 中Indexes(关闭文件列表)

[root@centos7-web ~]# vim /etc/httpd/conf/httpd.conf 
 [root@centos7-web ~]# grep "Indexes" -B1 -A3 /etc/httpd/conf/httpd.conf   查看修改后的结果
<Directory "/var/www/html">
#  Options Indexes FollowSymLinks   ##注释该行
    AllowOverride None
    Require all granted
</Directory>

[root@centos7-web ~]# systemctl reload httpd    
[root@centos7-web ~]# curl http://localhost                    
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
</body></html>

三、关闭FollowSymLinks(关闭访问符号链接文件)

[root@centos7-web ~]# ln -sv /etc/redhat-release /var/www/html/redhat-release.html
‘/var/www/html/redhat-release.html’ -> ‘/etc/redhat-release’
[root@centos7-web ~]# ls -hltr /var/www/html/redhat-release.html
lrwxrwxrwx 1 root root 19 Sep 21 16:15 /var/www/html/redhat-release.html -> /etc/redhat-release

[root@centos7-web ~]# curl http://localhost/redhat-release.html                  
CentOS Linux release 7.2.1511 (Core) 

[root@centos7-web ~]# vim /etc/httpd/conf/httpd.conf 
Options None   ##改成Options None 
[root@centos7-web ~]# systemctl reload httpd 

[root@centos7-web ~]# curl http://localhost/redhat-release.html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>   ##Author : Leshami
<h1>Forbidden</h1> ## Blog : http://blog.csdn.net/leshami
<p>You don't have permission to access /redhat-release.html
on this server.</p>
</body></html>