This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

[solved] Apache mod_userdir overrides "Options -Indexes" ??

2 posts / 0 new

Topic locked

Last post

#1 Fri, 10/08/2010 - 22:09

haydent

[solved] Apache mod_userdir overrides "Options -Indexes" ??

for starters i have Options -Indexes set (as default) for all domains

so if i access domain.com/ (and theres no index.php) i get 403 forbidden, thats good for security

but with mod_userdir enabled (i like it) if i access

server.com/~user/ - i get a directory listing for domain.com ...

its not too secure as result as my username are my domain names... any work around to prevent the directory listing overide by mod_userdir ??

#2 Sat, 10/09/2010 - 03:07

haydent

oh well i worked it out myself:

just had to go into Webmin->Servers->Apache

edit most likely top virtual server:

"Default Server     Any     Any     Automatic   Automatic"

edit per directory option:

"Directory /home/*/public_html Directory"

click "show directives"

click "Manually Edit Directives" button

youll end up with the raw text:

            AllowOverride FileInfo AuthConfig Limit Indexes
            Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
            <Limit GET POST OPTIONS>
                    Order allow,deny
                    Allow from all
            </Limit>
            <LimitExcept GET POST OPTIONS>
                    Order deny,allow
                    Deny from all
            </LimitExcept>

edit this line:

Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

change to:

Options MultiViews -Indexes SymLinksIfOwnerMatch IncludesNoExec

Save, and restart Apache.

Topic locked