Symptoms
-
Everyone can see the content of
/var/www/icons/*
directory by accessing the domain by URLhttps://example.com/icons/
or its IP:203.0.113.2/icons/
-
Apache
mod_autoindex
is enabled:# apachectl -M | grep autoindex
autoindex_module (shared)
Сause
This behavior is caused by Apache mod_autoindex
, which comes enabled by default.
Resolution
Currently, it is not possible to manage mod_autoindex
module via Plesk.
Vote for the ability to manage additional Apache modules in Plesk on User Voice portal. Top-ranked suggestions are likely to be implemented in future product version.
Disabling listing of the/icons/
directory can be done in two ways:
Note: Following customization has not been tested and supported by Plesk. You should perform them on your own risk.
Disable mod_autoindex
module completely
-
Log in to the server via SSH.
-
Disable module by running the following command:
# mv /etc/httpd/conf.d/autoindex.conf /etc/httpd/conf.d/autoindex.conf.bak
-
Restart Apache service:
Centos/RHEL:
# systemctl restart httpd
Debian/Ubuntu:
# systemctl restart apache2
Disable listing of /var/www/icons/*
with mod_autoindex
enabled
-
Log into the server via SSH.
-
Use any text editor to adjust the content of
/etc/httpd/conf.d/autoindex.conf
file:<Directory "/usr/share/httpd/icons">
Options Indexes MultiViews FollowSymlinks
AllowOverride None
Require all granted
</Directory>To:
<Directory "/usr/share/httpd/icons">
Options -Indexes +MultiViews +FollowSymlinks
AllowOverride None
Require all granted
</Directory> -
Restart Apache service:
Centos/RHEL:
# systemctl restart httpd
Debian/Ubuntu:
# systemctl restart apache2