[BlueOnyx:25295] Re: Disable the /icons directory server wide
Michael Stauber
mstauber at blueonyx.it
Tue Jan 11 20:23:19 -05 2022
Hi Richard,
> There appears to be a directory /icons available from all sites. For
> example: https://www.blueonyx.it/icons/ <https://www.blueonyx.it/icons/>
>
> A security review of our applications showed it as a medium risk. I was
> wondering, what is the correct way to remove this?
>
> I’ve added an empty index.html to /usr/share/httpd/icons but that
> doesn’t feel correct. Any idea if these are even necessary? They could
> be disabled in /etc/conf.d
Check /etc/httpd/conf.d/autoindex.conf on a 5209R. Find this line and
comment it out:
Alias /icons/ "/usr/share/httpd/icons/"
Then - after a "systemctl restart httpd" - the directory should no
longer be reachable.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list