Symptoms

The icons/ directory of Apache HTTP server is indexed, causing various web server scanners report possible vulnerabilities.

Cause

The Apache HTTP server indexes this directory by default to make it possible to use its content (images) by various sites running on the server.

Resolution

OA does not use this ability, so you can simply turn off the indexing for the directory.

  1. Log in as root to the server where the brands reside.

  2. If the /etc/httpd/conf.d/autoindex.conf file exists (httpd 2.4.* and later), rename it:

    # mv /etc/httpd/conf.d/autoindex.conf /etc/httpd/conf.d/autoindex.conf.save

    if not, then open the /etc/httpd/conf/httpd.conf file, and comment the following line:

    Alias /icons/ "/usr/share/httpd/icons/"

    by adding the # symbol at the beginning of the line:

    #Alias /icons/ "/usr/share/httpd/icons/"

  3. Restart the Apache HTTP server:

    # service httpd restart

Internal content