Ran into a bug where my directory indexes were being shown when a client was
requesting my server by IP. So for example, if you went to
http://126.96.36.199/domain.com you would see all the directories and files and
could traverse through them.
The weird thing was that I already had
Options -Indexes which should've
prevented this in my apache config file. The issue was with a separate config
file being loaded.
The IP level vhost located at
Options Indexes. Switching that to
Options -Indexes solved my
problem quite nicely.
No more malicious indexing of my content!
Instead of just switching the indexes off, I opted to redirect all requests to the IP to a certain domain. The reason? Individual files could still be accessed if the attacker/client knew the path to it (which could be guessed fairly accurately).
So, throwing the following in the config file mentioned above worked like a charm:
RewriteEngine On RewriteRule ^(.*) http://www.domain.com/ [R=301,L]