InformationThe Apache 'mod_autoindex' module automatically generates a web page listing the contents of directories on the server, typically used so an 'index.html' does not have to be generated.
Automated directory listings should not be enabled because they will reveal information helpful to an attacker such as naming conventions and directory paths. They may also reveal files that were not intended to be revealed.
SolutionPerform either one of the following to disable the 'mod_autoindex' module:
1. For source builds with static modules, run the Apache './configure' script with the '--disable-autoindex configure' script options.
$ cd $DOWNLOAD/httpd-2.2.22
$ ./configure -disable-autoindex
2. For dynamically loaded modules, comment out or remove the 'LoadModule' directive for the 'mod_autoindex' module from the 'httpd.conf' file.
## LoadModule autoindex_module modules/mod_autoindex.so