Disable Apache Configuration & DirectoryIndexing

MajorLancelot · May 13, 2019

cPanel has over the years disabled by default WHM features that have become redundant.

This is good since it reduces attack surface even in misconfigured servers.

With cPanel File Manager, SSH, SFTP, Web Dav, etc, I was wondering why cPanel why the DirectoryIndex is still left enabled by default in Apache Configuration even with the obvious security implications and the fact that new users don't know much about adding Options -Indexes to .htaccess.

Even if directory mapping is still needed (can't think of one reason), isn't there a way cPanel can improve on this to make it safer for cPanel users?

Thanks!

cPanelMichael · May 16, 2019

Hello @MajorLancelot,

We consider security and usability when deciding on the default options enabled as part of new cPanel & WHM installations. When the Apache Indexes option is disabled, it's more likely users will encounter the "403 Forbidden" errors when attempting to access a domain name prior to uploading an index file.

I recommend opening a feature request to suggest disabling the Apache Indexes option by default.

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
B	Disable Apache access_log	Web Servers and Applications	3	Jun 10, 2022
O	How do I disable apache error.log globally?	Web Servers and Applications	2	Jul 18, 2018
	Provision button disabled on easyapache 4	Web Servers and Applications	3	Jun 20, 2018
	SOLVED Disable Functions in PHP configuration EasyApache 4	Web Servers and Applications	3	Dec 27, 2016
W	Disable domlogs with new easy apache configuration	Web Servers and Applications	5	Apr 6, 2009

Search

Search

Disable Apache Configuration & DirectoryIndexing

MajorLancelot

Well-Known Member

cPanelMichael

Administrator