Disable Apache Configuration & DirectoryIndexing

MajorLancelot

Well-Known Member
Dec 17, 2014
51
4
83
Shinjuku-ku, Tokyo, Japan
cPanel Access Level
Root Administrator
cPanel has over the years disabled by default WHM features that have become redundant.

This is good since it reduces attack surface even in misconfigured servers.

With cPanel File Manager, SSH, SFTP, Web Dav, etc, I was wondering why cPanel why the DirectoryIndex is still left enabled by default in Apache Configuration even with the obvious security implications and the fact that new users don't know much about adding Options -Indexes to .htaccess.

Even if directory mapping is still needed (can't think of one reason), isn't there a way cPanel can improve on this to make it safer for cPanel users?

Thanks!
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,234
363
cPanel Access Level
DataCenter Provider
Twitter
Hello @MajorLancelot,

We consider security and usability when deciding on the default options enabled as part of new cPanel & WHM installations. When the Apache Indexes option is disabled, it's more likely users will encounter the "403 Forbidden" errors when attempting to access a domain name prior to uploading an index file.

I recommend opening a feature request to suggest disabling the Apache Indexes option by default.

Thank you.