Symptoms
-
Everyone can see the content of
/var/www/icons/*directory by accessing the domain by URLhttps://example.com/icons/or its IP:203.0.113.2/icons/ -
Apache
mod_autoindexis enabled:# apachectl -M | grep autoindex
autoindex_module (shared)
Сause
This behavior is caused by Apache mod_autoindex, which comes enabled by default.
Resolution
Currently, it is not possible to manage mod_autoindex module via Plesk.
Vote for the ability to manage additional Apache modules in Plesk on User Voice portal. Top-ranked suggestions are likely to be implemented in future product version.
Disabling listing of the/icons/directory can be done in two ways:
Note: Following customization has not been tested and supported by Plesk. You should perform them on your own risk.
Disable mod_autoindex module completely
-
Log in to the server via SSH.
-
Disable module by running the following command:
# mv /etc/httpd/conf.d/autoindex.conf /etc/httpd/conf.d/autoindex.conf.bak
-
Restart Apache service:
Centos/RHEL:
# systemctl restart httpd
Debian/Ubuntu:
# systemctl restart apache2
Disable listing of /var/www/icons/* with mod_autoindex enabled
-
Log into the server via SSH.
-
Use any text editor to adjust the content of
/etc/httpd/conf.d/autoindex.conffile:<Directory "/usr/share/httpd/icons">
Options Indexes MultiViews FollowSymlinks
AllowOverride None
Require all granted
</Directory>To:
<Directory "/usr/share/httpd/icons">
Options -Indexes +MultiViews +FollowSymlinks
AllowOverride None
Require all granted
</Directory> -
Restart Apache service:
Centos/RHEL:
# systemctl restart httpd
Debian/Ubuntu:
# systemctl restart apache2