The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PCI Compliance: Indexable and Discovered Directories

Discussion in 'General Discussion' started by rpertiet, May 27, 2008.

  1. rpertiet

    rpertiet Member

    Joined:
    Apr 21, 2007
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    During PCI compliance scanning the following directories were discovered and / or indexable. How can I fix this (remove, block, or whatever)?

    /usr/local/cpanel/img-sys/
    /usr/local/cpanel/java-sys/
    /usr/local/apache/icons/
    /usr/local/apache/manual/
    /usr/local/apache/manual/images/

    Thanks!
     
  2. DaveUsedToWorkHere

    DaveUsedToWorkHere Well-Known Member

    Joined:
    Dec 28, 2001
    Messages:
    689
    Likes Received:
    1
    Trophy Points:
    18
    That means that you have directives like this in /usr/local/apache/conf/httpd.conf:

    Code:
    <Directory "/usr/local/apache/htdocs">
        Options Includes Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    
    To prevent indexing, change Indexes to -Indexes. Alternatively, you could remove the directive(s) if you do not wish for those directories to be web accessible. Then run
    Code:
    /usr/local/apache/bin/apachectl configtest
    to ensure you did not break the configuration file. If it says OK then run
    Code:
    /usr/local/cpanel/bin/apache_conf_distiller
    to save the changes and finally run
    Code:
    /usr/local/apache/bin/apachectl graceful
    to restart Apache.
     
  3. rpertiet

    rpertiet Member

    Joined:
    Apr 21, 2007
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Great, thanks!
     
Loading...

Share This Page