Get Free Linux Server Security, Performance & Troubleshooting Tips

Disable directory indexes on Apache using cPanel/WHM for increased security

Disable directory indexes on Apache using cPanel/WHM for increased security
5 (100%) 9 votes

How can I disable directory indexes for all websites on cPanel server? Answer: yes, there is a very simple method to completely disable the indexes directive from Apache web server for all websites inside a cPanel / WHM server.

On this post we will learn about what is directory index or indexes, and how to disable indexes using the Apache configuration interface from WHM control panel.

What is directory index?

Before getting into the task, let’s discover what is directory index after all.
Directory indexes or directory index, is an webserver feature that allows a remote user to browse your website files when there is no index file placed inside a directory.




Disable directory indexes server wide on Apache using cPanel

Altough this can lead attackers to know more information about your website, on cPanel servers it is enabled by default. There is absolutely no need to have this enabled by default because if you need to browse your files you can do it perfectly using FTP, SSH or SFTP instead.

You can disable directory indexes on cPanel from the command line or via WHM interface, that is our preffered way and the recommeded by cPanel official guides.

Let’s start disabling indexes on Apache:

1. Log into WHM as root user.
2. Move to WHM » Service Configuration » Apache Configuration, as you see below:




Fig. 01. WHM » Service Configuration » Apache Configuration
Fig. 01. WHM » Service Configuration » Apache Configuration

3. Click on Global Configuration.
4. Move to Directory “/” Options.
5. Deactivate/uncheck Indexes option.

Fig. 02. WHM » Service Configuration » Apache Configuration - Disable Indexes on cPanel
Fig. 02. WHM » Service Configuration » Apache Configuration – Disable Indexes on cPanel

6. Save and rebuild Apache configuration to apply changes

WHM » Service Configuration » Apache Configuration - Rebuild Apache and Restart
Fig. 03. WHM » Service Configuration » Apache Configuration – Rebuild Apache and Restart

That’s all, at athis time you should have disabled directory index / directory listing for all your cPanel accounts.

How can I disable directory listing for a single cPanel account?

As a server administrator, no account should have directory listing enabled, never. However, if you want to disable directory index for one particular account and leave the rest insecure, here there is a full explanation on how to do it. Let’s begin.

1. Log into your cPanel account from http://www.yoursite.com/cpanel
2. Move to Index Manager.
3. You will see the directory list, then select the directory that you want to disable directory listing.
4. Select “No Indexing”, save your changes.

That’s it, now your directory listing is disabled for that particular account.

Further reading:

Leave a Reply

Your email address will not be published. Required fields are marked *