Hide website listing in Amazon EC2 AMI

By default Amazon’s AMI allows directory listings for your website. In WordPress this exposes you /wp-content/uploads folder to the web. Not a big deal but could be a security risk if you upload anything sensitive to your site for some reason. You need to change the default httpd.conf file:

sudo nano /etc/httpd/conf/httpd.conf

Change the following line:

Options Indexes FollowSymLinks


Options FollowSymLinks

as shown below (I’ve left the original line commented out)

# Further relax access to the default document root:
<Directory "/var/www/html">
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#Options Indexes FollowSymLinks
Options FollowSymLinks

Restart your webserver:

sudo service httpd restart

Leave a Reply

Your e-mail address will not be published. Required fields are marked *