How visible is my /var/www to the outside world?

updated on

Chad Harrison asked:

I suppose this is more of a house keeping question, but here it goes.

If I create a backup file of my index.html called index.html.bak, is it possible that someone from the outside using http on my apache2 server is able to list the contents of my /var/www directory? I currently know no method of doing this, but this could be due to my lack of experience in this area. Should I store files that need not to be in view somewhere else?

Currently, the only feasible way I can think that someone might discover the file is if there was an explicit link somewhere pointing to the file. How visible is my web directory?

My answer:

If you specify Options -Indexes for the Directory in question, then Apache will not generate a directory listing. However, if someone guesses the filename they could still access it if the operating system allows the web server to access the file.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Related Post

Enabling KVM nested virtualization for one guest without halting/rebooting all of them

Why can't I install libdwarf.so.0 and libdwarf.so.1 at the same time?

Passwordless SSH not working – keys copied and permissions set

Systemd stop/disable all templated services that don't match a variable

Recommended method for routing www to zone apex (naked domain) using AWS Route 53

What does http code 206 (partial content) really mean?