How to avoid apache2 revealing hidden directory and/or file structure
Posted
by matnagel
on Server Fault
See other posts from Server Fault
or by matnagel
Published on 2010-03-31T16:10:57Z
Indexed on
2010/03/31
16:13 UTC
Read the original article
Hit count: 575
When someone fetches a denied URL that exists, he gets:
Forbidden
You don't have permission to access /admin/admin.php on this server.
Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch Server
When someone goes to a URL that does not exist he will get:
Not Found
The requested URL /notexisting/notthere.php was not found on this server.
Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch Server
This way someone can find out information about the directory structure in an area, that is actually not open to the public. Is this true?
If I were paranoid, what could I do? Just curious.
© Server Fault or respective owner