How to avoid apache2 revealing hidden directory and/or file structure

Posted by matnagel on Server Fault
Published on 2010-03-31T16:10:57Z

When someone fetches a denied URL that exists, he gets:

Forbidden

You don't have permission to access /admin/admin.php on this server.
Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch Server

When someone goes to a URL that does not exist he will get:

Not Found

The requested URL /notexisting/notthere.php was not found on this server.
Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch Server 

This way someone can find out information about the directory structure in an area that is actually not open to the public. Is this true?

If I were paranoid, what could I do? Just curious.

© Server Fault or respective owner
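
The difference the question describes can be checked mechanically. The following is an added example, not part of the original post: it compares the two error responses quoted above and reports what tells them apart and which version details the banner exposes. The `Response` class, the function names and the `DENIED_HARDENED` sample (a denied path answered like a missing one, with the banner reduced to the product name) are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Response:
    path: str     # path that was requested
    status: int   # HTTP status code
    body: str     # text of the error page
    server: str   # banner printed under the error page


def normalise(resp):
    # Error pages echo the requested path; mask it so only the wording is compared.
    return " ".join(resp.body.replace(resp.path, "<PATH>").split())


def distinguishing_features(denied, missing):
    """Features by which a client can tell 'exists but denied' from 'does not exist'."""
    found = []
    if denied.status != missing.status:
        found.append("status")
    if normalise(denied) != normalise(missing):
        found.append("body")
    return found


def banner_details(resp):
    """Banner tokens of the form product/version, i.e. disclosed version numbers."""
    return [t for t in resp.server.split() if "/" in t and any(c.isdigit() for c in t)]


# Sample data constructed from the two responses quoted in the question.
BANNER = "Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch"
DENIED = Response("/admin/admin.php", 403,
                  "Forbidden You don't have permission to access /admin/admin.php on this server.",
                  BANNER)
MISSING = Response("/notexisting/notthere.php", 404,
                   "Not Found The requested URL /notexisting/notthere.php was not found on this server.",
                   BANNER)
# Constructed: what the denied path would return if the server answered it
# exactly like a missing one and sent only the product name ("Apache" is
# what ServerTokens Prod produces).
DENIED_HARDENED = Response("/admin/admin.php", 404,
                           "Not Found The requested URL /admin/admin.php was not found on this server.",
                           "Apache")

if __name__ == "__main__":
    print("as quoted:", distinguishing_features(DENIED, MISSING), banner_details(DENIED))
    print("hardened: ", distinguishing_features(DENIED_HARDENED, MISSING),
          banner_details(DENIED_HARDENED))
```

An empty result from `distinguishing_features` means the denied path is indistinguishable from a missing one on status and wording; timing and other headers are not compared here.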