The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Proper way to disable "Option Indexes" on /usr/local/apache/htdocs

Discussion in 'Security' started by techdruid, Jan 20, 2015.

  1. techdruid

    techdruid Member
    PartnerNOC

    Joined:
    Jan 16, 2012
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello,

    I have been at this for more than four hours and I have given up. Sure I can find a work-around to this problem, but I would rather do it the correct way. Can anyone provide insight?

    Basically, to summarize the problem. There is a file that gets created automatically at /usr/local/apache/htdocs/index.html. This file is created, I believe when Apache is reconfigured or upgraded. And that's dandy. But I also have some obfuscated files in that directory that I'd like to keep private. For some reason, there was time when index.html disappeared (no idea why), and suddenly Google and Baidu were grabbing the directory index and seeing and requesting my private files. Now I'm forced to rename them.

    So, I'd like to implement "Option -Indexes" to remove directory browsing from this Directory (/usr/local/apache/htdocs). I've noted that when reading /usr/local/apache/conf/httpd.conf, it states that the change should be made in the /var/cpanel/templates/apache2/main.default file. And I can in fact see a line of code in there that I would modify and forcibly put in "Option Includes FollowSymLinks" and thereby remove "Indexes" from that line.

    The problem with doing this is it appears that the main.default file is grabbing the options or variables from somewhere else. I would prefer to change the options/variables in the proper place, rather than hard coding my change into the main.default file.

    Can someone please tell me where I can change these variables that are in the line of code below?

    Code:
    <Directory "[% main.maindirectoryusrlocalapachehtdocs.item.directory %]">
        Options [% main.directoryusrlocalapachehtdocs.options.item.options %]
        AllowOverride [% main.directoryusrlocalapachehtdocs.allowoverride.item.allowoverride %]
        Order [% main.directoryusrlocalapachehtdocs.order.item.order %]
    [% FOREACH dir IN main.directoryusrlocalapachehtdocs.allow.items -%]
        Allow from [% dir.allow %]
    [% END -%]
    
    </Directory>
    
    Specifically, the variable(s)/option(s) for main.directoryusrlocalapachehtdocs.options.item.options

    For clarity, I've been able to change the Options for the root folder (/) through WHM. That setting is found in "Apache Configuration -> Global Configuration -> Directory / Options". But that does not change the setting for the htdocs folder.
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    941
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Can't you just make a .htaccess in /usr/local/apache/htdocs/ with "options -indexes" in it?
     
  3. techdruid

    techdruid Member
    PartnerNOC

    Joined:
    Jan 16, 2012
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I have tried that. And just to be safe, I tried it one more time. I created the .htaccess file with this, then I restarted cpanel, restarted httpd (apache), and then cleared my disk cache. Unfortunately, it is still showing the directory listing.

    Oh, well now I see why. The httpd.conf has AllowOverride None. :-( Which is again one of the settings taken from somewhere else.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,461
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  5. techdruid

    techdruid Member
    PartnerNOC

    Joined:
    Jan 16, 2012
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm not sure why you posted the FAQ's for EasyApache. There is nothing on that page about the question I'm asking. Is there something on that FAQ that I'm missing that is relevant to my question? I have spent over four hours on this. Yes, I've looked at the EasyApache docs. They are not particularly useful in this case.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Note that you should actually edit the main.local file instead of the main.default file. This post explains the process, albeit for a different type of modification:

    Changes to Apache Configuration

    Thank you.
     
  7. Michael-Inet

    Michael-Inet Active Member

    Joined:
    Feb 20, 2014
    Messages:
    32
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Austin, TX, USA
    cPanel Access Level:
    Root Administrator
    Hi cPanelMichael,

    I believe the question is where do we change the variables in the main.default file, not how do we edit the main.local (main.default) file.

    Specifically where in WHM can I change the value for:

    main.directoryusrlocalapachehtdocs.allowoverride.item.allowoverride ?

    If there are different places to change the other variables, where is that?

    Thanks,
    Michael
     
  8. Michael-Inet

    Michael-Inet Active Member

    Joined:
    Feb 20, 2014
    Messages:
    32
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Austin, TX, USA
    cPanel Access Level:
    Root Administrator
    Where do we change the variables found in the main.default file? [1]

    I'm specifically looking for the proper way to change:

    main.directoryusrlocalapachehtdocs.allowoverride.item.allowoverride

    at the variable level, not by hacking a main.local [2].

    If there are other places to change the other cPanel variables [3], where are they located as well?

    Best Regards,
    Michael

    Code:
    [1] Clarifications:
    
    This question is not how do we use/edit the main.local (main.default) file.
    
    [2] References:
    
    $ head main.default
    
    #  It is also possible to add custom directives to the various "Include" files loaded by this httpd.conf  #
    #  For detailed instructions on using Include files and the apache_conf_distiller with the new configuration  #
    #  system refer to the documentation at: http://go.cpanel.net/customdirectives  #
    
    http://go.cpanel.net/customdirectives forwards to https://documentation.cpanel.net/display/EA/Custom+Directives+Outside+of+a+VirtualHost+Tag

    Which results in:

    Page Deleted
    A page with this title has been deleted. Contact your space administrator if you would like it restored.

    Code:
    [3] Example other variables:
    
    configured.ip_listen
    configured.main_port
    dir.allow
    dir.deny
    dir.extension
    dir.filename
    dir.format
    dir.include
    dir.logformat
    dir.mime
    dir.module
    dir.path
    dir.regex
    dir.target
    dir.url
    ip
    main.addtype.items
    main.alias.items
    main.defaulttype.item.defaulttype
    main.directory.allowoverride.item.allowoverride
    main.directory.options.item.options
    main.directoryusrlocalapachecgibin.allow.items
    main.directoryusrlocalapachecgibin.allowoverride.item.allowoverride
    main.directoryusrlocalapachecgibin.options.item.options
    main.directoryusrlocalapachecgibin.order.item.order
    main.directoryusrlocalapachehtdocs.allow.items
    main.directoryusrlocalapachehtdocs.allowoverride.item.allowoverride
    main.directoryusrlocalapachehtdocs.options.item.options
    main.directoryusrlocalapachehtdocs.order.item.order
    main.errorlog.item.errorlog
    main.extendedstatus.item.extendedstatus
    main.fileserrorlog.deny.items
    main.fileserrorlog.order.item.order
    main.fileserrorlog.satisfy.item.satisfy
    main.filesmatchht.deny.items
    main.filesmatchht.order.item.order
    main.filesmatchht.satisfy.item.satisfy
    main.group.item.group
    main.ifmodulealiasmodule.scriptalias.items
    main.ifmodulelogconfigmodule.customlog.items
    main.ifmodulelogconfigmodule.ifmodulelogiomodule.logformat.items
    main.ifmodulelogconfigmodule.logformat.items
    main.ifmodulemimemodule.addtype.items
    main.ifmodulemimemodule.typesconfig.item.typesconfig
    main.ifmodulemodlogconfigc.customlog.items
    main.ifmodulemodlogconfigc.logformat.items
    main.include.items
    main.listen.item.listen
    main.loadmodule.items
    main.lockfile.item.lockfile
    main.loglevel.item.loglevel
    main.maindirectory.item.directory
    main.maindirectoryusrlocalapachecgibin.item.directory
    main.maindirectoryusrlocalapachehtdocs.item.directory
    main.mainfileserrorlog.item.files
    main.mainfilesmatchht.item.filesmatch
    main.mainifmodulealiasmodule.item.ifmodule
    main.mainifmodulelogconfigmodule.item.ifmodule
    main.mainifmodulelogconfigmoduleifmodulelogiomodule.item.ifmodule
    main.mainifmodulemimemodule.item.ifmodule
    main.mainifmodulemodlogconfigc.item.ifmodule
    main.pidfile.item.pidfile
    main.rewriteengine.item.rewriteengine
    main.scriptalias.items
    main.scriptaliasmatch.items
    main.serveradmin.item.serveradmin
    main.servername.item.servername
    main.user.item.user
    
    
     
    #8 Michael-Inet, Apr 3, 2015
    Last edited by a moderator: Apr 3, 2015
  9. Michael-Inet

    Michael-Inet Active Member

    Joined:
    Feb 20, 2014
    Messages:
    32
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Austin, TX, USA
    cPanel Access Level:
    Root Administrator
    $ grep -irl "directoryusrlocalapachehtdocs" / > grepresults.txt

    $ cat grepresults.txt
    /usr/local/apache.backup/non_apache/___var___cpanel___templates___apache2___main.default
    /usr/local/apache.backup/non_apache/___var___cpanel___conf___apache___main

    So, it's not in a file?
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  11. Michael-Inet

    Michael-Inet Active Member

    Joined:
    Feb 20, 2014
    Messages:
    32
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Austin, TX, USA
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    Unfortunately the section that seems to deal with this question is incomplete or has a typo.

    > Modify the Apache configuration directives via WHM
    > To modify Apache's global configuration directives that cPanel & WHM builds by default, use WHM's Global Configuration interface (Home >> Service Configuration >> Global Configuration).

    There is no:

    (Home >> Service Configuration >> Global Configuration)

    in WHM 11.48.3 (build 0), nor anything returned by "glo" in the search box.

    Is this an upcoming feature that is not currently in the Release version? Or is there a correct path to use?

    Thanks,
    Michael
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  13. Michael-Inet

    Michael-Inet Active Member

    Joined:
    Feb 20, 2014
    Messages:
    32
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Austin, TX, USA
    cPanel Access Level:
    Root Administrator
    Thank you Michael for the typo correction.

    Unfortunately then, that document does not address this thread. To summarize:

    Thank you.
     
  14. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    The proper location to update the existing values is:

    /var/cpanel/templates/apache2/main.local

    Or, to add custom changes outside of VirtualHosts, add entries to the appropriate include file in the following directory:

    /usr/local/apache/conf/includes/

    That being said, if it were me, I'd address the use of the custom files in the /usr/local/apache/htdocs directory. Is there any particular reason you need custom files in this directory, instead of in another document root?

    Thank you.
     
  15. Michael-Inet

    Michael-Inet Active Member

    Joined:
    Feb 20, 2014
    Messages:
    32
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Austin, TX, USA
    cPanel Access Level:
    Root Administrator
    Michael, what gives? Usually your answers are spot on, and I don't think I've ever seen you be intentionally obtuse. To me it seems like what you've just answered is exactly, 180 degrees away from the purpose of this question?

    Again, the question isn't how to hard code changes to main.local/main.default, it's: "Where do we set values for the variables in main.default (e.g. main.loadmodule.items, etc.)?"

    # # #

    On second thought, am I completely missing your point?

    Are you saying I should have a /var/cpanel/templates/apache2/main.local, with the single entry?

    [% main.directoryusrlocalapachehtdocs.allowoverride.item.allowoverride="{some value}" -%]

    and then regen Apache?

    {While I don't think this is what you mean, I could see how it might work.}

    In my specific case I would like to change the variable:

    main.directoryusrlocalapachehtdocs.allowoverride.item.allowoverride

    so that /usr/local/apache/htdocs/.htaccess gets processed [1].

    There not being any other document root I could make the changes in.

    # # #

    If there is no methodology within cPanel to change these variables in whatever .ini file, or .ini include file, they would be found in, or if there isn't even an .ini file to be able to add user changes to the bottom of, then just say so?

    Best Regards,
    Michael

    [1]
    Not that I think anyone cares, all it's doing is redirecting the main IP/path to a DomainName/path.

    {PS All: Don't use this, I typed it off the top of my head.}
    Blah, blah
    Options +FollowSymLinks
    RewriteEngine on
    RewriteBase /
    RewriteRule ^(.*)$ http://DomainName/$1 [L,R=301]
    Blah, blah
     
  16. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,461
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You want to use the main shared IP address as an account?
     
  17. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    It seems like we might be misunderstanding exactly the type of change you are attempting to make. Could you elaborate on specific change you want to make to the Apache configuration (rather than the specific method you want to make the change), and we can then provide you with the best way to make that change?

    Thank you.
     
  18. Michael-Inet

    Michael-Inet Active Member

    Joined:
    Feb 20, 2014
    Messages:
    32
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Austin, TX, USA
    cPanel Access Level:
    Root Administrator
    Stripping out all the asides and other non-essential statements, the question is:

    Where is the value for the variable main.directoryusrlocalapachehtdocs.allowoverride.item.allowoverride set?
     
  19. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    The following entry is found in /var/cpanel/conf/apache/main:

    Code:
      directoryusrlocalapachehtdocs:
        allowoverride:
          directive: allowoverride
          item:
            allowoverride: None
    I believe this answers your question regarding where the value is normally stored. However, in order to preserve changes, you must copy /var/cpanel/templates/apache2/main.default to /var/cpanel/templates/apache2/main.local and edit the main.local file. Feel free to open a support ticket using the link in my signature if you require further clarification. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  20. Michael-Inet

    Michael-Inet Active Member

    Joined:
    Feb 20, 2014
    Messages:
    32
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Austin, TX, USA
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page