web.onassar.com Archive

I can be reached at onassar@gmail.com.

For my open source work, check out github.com/onassar

Securing my indexes on my Slicehost VPS

View more posts

Ran into a bug where my directory indexes were being shown when a client was requesting my server by IP. So for example, if you went to you would see all the directories and files and could traverse through them.

The weird thing was that I already had Options -Indexes which should've prevented this in my apache config file. The issue was with a separate config file being loaded.

The IP level vhost located at /etc/apache2/sites-enabled/000-default contained the directive Options Indexes. Switching that to Options -Indexes solved my problem quite nicely.

No more malicious indexing of my content!


Instead of just switching the indexes off, I opted to redirect all requests to the IP to a certain domain. The reason? Individual files could still be accessed if the attacker/client knew the path to it (which could be guessed fairly accurately).

So, throwing the following in the config file mentioned above worked like a charm:

RewriteEngine On
RewriteRule ^(.*) http://www.domain.com/ [R=301,L]