CentOS 7にyumでApacheをインストールした場合のIndexesなど。
defaultでは公開ディレクトリにindex.htmlが無い場合にこのページが表示されます。
これは/etc/httpd/conf.d/welcome.confで制御されています。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
[root@host01 ~]# cat /etc/httpd/conf.d/welcome.conf # # This configuration file enables the default "Welcome" page if there # is no default index page present for the root URL. To disable the # Welcome page, comment out all the lines below. # # NOTE: if this file is removed, it will be restored on upgrades. # <LocationMatch "^/+$"> Options -Indexes ErrorDocument 403 /.noindex.html </LocationMatch> <Directory /usr/share/httpd/noindex> AllowOverride None Require all granted </Directory> Alias /.noindex.html /usr/share/httpd/noindex/index.html Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png |
welcomeページを無効にします。
1 2 |
[root@host01 ~]# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf_ [root@host01 ~]# apachectl graceful |
httpd.confでOptions Indexesが有効なので/var/www/htmlのディレクトリリストが表示されます。
Options Indexesを無効にします。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
<Directory "/var/www/html"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.4/mod/core.html#options # for more information. # Options -Indexes +FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride None # # Controls who can get stuff from this server. # Require all granted </Directory> |
ちなみに下記ではエラーになります。
1 2 3 4 5 |
<Directory "/var/www/html"> Options -Indexes FollowSymLinks AllowOverride None Require all granted </Directory> |
明示的に全てのoptionに+,-を指定するか、またはオプションそのものを無くす必要があります。
1 2 3 |
[root@host01 ~]# apachectl -t AH00526: Syntax error on line 144 of /etc/httpd/conf/httpd.conf: Either all Options must start with + or -, or no Option may. |
Options -Indexesに設定した場合は/etc/httpd/conf.d/autoindex.confも必要無いので無効にします。
1 |
[root@host01 ~]# mv /etc/httpd/conf.d/autoindex.conf /etc/httpd/conf.d/autoindex.conf_ |
/etc/httpd/conf.d/autoindex.confはOptions +Indexesの場合に見栄えを良くする等の設定ファイルです。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 |
# # Directives controlling the display of server-generated directory listings. # # Required modules: mod_authz_core, mod_authz_host, # mod_autoindex, mod_alias # # To see the listing of a directory, the Options directive for the # directory must include "Indexes", and the directory must not contain # a file matching those listed in the DirectoryIndex directive. # # # IndexOptions: Controls the appearance of server-generated directory # listings. # IndexOptions FancyIndexing HTMLTable VersionSort # We include the /icons/ alias for FancyIndexed directory listings. If # you do not use FancyIndexing, you may comment this out. # Alias /icons/ "/usr/share/httpd/icons/" <Directory "/usr/share/httpd/icons"> Options Indexes MultiViews FollowSymlinks AllowOverride None Require all granted </Directory> # # AddIcon* directives tell the server which icon to show for different # files or filename extensions. These are only displayed for # FancyIndexed directories. # AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip AddIconByType (TXT,/icons/text.gif) text/* AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (VID,/icons/movie.gif) video/* AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binhex.gif .hqx AddIcon /icons/tar.gif .tar AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip AddIcon /icons/a.gif .ps .ai .eps AddIcon /icons/layout.gif .html .shtml .htm .pdf AddIcon /icons/text.gif .txt AddIcon /icons/c.gif .c AddIcon /icons/p.gif .pl .py AddIcon /icons/f.gif .for AddIcon /icons/dvi.gif .dvi AddIcon /icons/uuencoded.gif .uu AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/tex.gif .tex AddIcon /icons/bomb.gif /core AddIcon /icons/bomb.gif */core.* AddIcon /icons/back.gif .. AddIcon /icons/hand.right.gif README AddIcon /icons/folder.gif ^^DIRECTORY^^ AddIcon /icons/blank.gif ^^BLANKICON^^ # # DefaultIcon is which icon to show for files which do not have an icon # explicitly set. # DefaultIcon /icons/unknown.gif # # AddDescription allows you to place a short description after a file in # server-generated indexes. These are only displayed for FancyIndexed # directories. # Format: AddDescription "description" filename # #AddDescription "GZIP compressed document" .gz #AddDescription "tar archive" .tar #AddDescription "GZIP compressed tar archive" .tgz # # ReadmeName is the name of the README file the server will look for by # default, and append to directory listings. # # HeaderName is the name of a file which should be prepended to # directory indexes. ReadmeName README.html HeaderName HEADER.html # # IndexIgnore is a set of filenames which directory indexing should ignore # and not include in the listing. Shell-style wildcarding is permitted. # IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t |
ちなみにautoindex.confが無い場合はこんな表示です。
【追記】
Apacheセキュリティ設定
http://qiita.com/bezeklik/items/1c4145652661cf5b2271
Welcome.conf,autoindex.confなどdefaultでインストールされる*.confは削除してもUpdateで復活するようです。
従って空ファイルにした方がよさそうです。
1 2 |
cp /dev/null /etc/httpd/conf.d/welcome.conf cp /dev/null /etc/httpd/conf.d/autoindex.conf |
そもそも残しておいてもそれほど問題ないと思いますが…..