Symptoms
The icons/ directory of Apache HTTP server is indexed, causing various web server scanners report possible vulnerabilities.
Cause
The Apache HTTP server indexes this directory by default to make it possible to use its content (images) by various sites running on the server.
Resolution
OA does not use this ability, so you can simply turn off the indexing for the directory.
- Log in as
root
to the server where the brands reside. If the /etc/httpd/conf.d/autoindex.conf file exists (httpd 2.4.* and later), rename it:
# mv /etc/httpd/conf.d/autoindex.conf /etc/httpd/conf.d/autoindex.conf.save
if not, then open the /etc/httpd/conf/httpd.conf file, and comment the following line:
Alias /icons/ "/usr/share/httpd/icons/"
by adding the # symbol at the beginning of the line:
#Alias /icons/ "/usr/share/httpd/icons/"
Restart the Apache HTTP server:
# service httpd restart