Re: Apache configuration and security
Keith Seldon wrote:
> If you goto http://domain or http://domain./ all is fine. Unfortunately, if
> you goto http://domain// or append any number of '/' to the uri, then you
> will be served with a directory listing instead of the index page.
> I have fixed this localy by editiing /etc/apache2/sites-available/default .
> I have changed "RedirectMatch ^/$ /apache2-default/" to "RedirectMatch ^/*$
This isn't a security issue. A directory listing isn't a security
problem at all (if it were, we wouldn't have them on by default at all).
The only reason for that RedirectMatch is so the admin can see the
default apache2 start page instead of a directory listing, making things
a bit more "friendly". You may note that in more recent versions of the
packaging, I've commented out that line in the default config anyway,
since some users found the behavior rather confusing.