当我们访问某个网站时,在后面增加相应的目录,就可以浏览到目录,对于网站来说,是很不安全的。
解决办法:
编辑httpd.conf文件
# vim /etc/httpd/conf/httpd.conf
找到如下内容:
...... <Directory "/var/www/html"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.2/mod/core.html#options # for more information. # Options Indexes FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride None # # Controls who can get stuff from this server. # Order allow,deny Allow from all ......
在Options Indexes FollowSymLinks在Indexes前面加上 – 符号。
即: Options -Indexes FollowSymLinks
【备注:在Indexes前,加 + 代表允许目录浏览;加 – 代表禁止目录浏览。】
这样的话就属于整个Apache禁止目录浏览了。
如果是在虚拟主机中,只要增加如下信息就行:
<Directory "/var/www/html">
Options -Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
这样的话就禁止/var/www/html进行目录浏览。
备注: 切记莫把“Allow from all”改成 “Deny from all”,否则,整个网站都不能被打开。