Shocked to see that DIRECTORY INDEXING is ON for all hosted accounts!

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
I believe this did not used to be the case, but now anyone can view the file contents in very nearly every account we host if there is no index file (e.g. index.html, index.htm, etc.) within that directory. This is a security hazzard to say the least.

I know, that the account owner can access their cPanel and switch off indexing there, but this should be OFF by default? No?

Okay, so in cPanel ---> Index Manager, we have the top option "Default System Setting" So where is the default system setting? I can not find any controls for this in WHM.
 

quietFinn

Well-Known Member
Feb 4, 2006
1,327
141
193
Finland
cPanel Access Level
Root Administrator
Assuming you have root WHM you go to:
Service Configuration-> Apache Configuration-> Global Configuration-> Directory “/” Options