Nope.
On 12 March 2010 11:10, patrick keshishian <pkesh...@gmail.com> wrote:
> does disabling this option /really/ improve security?
>
>
> On Fri, Mar 12, 2010 at 9:41 AM, Brad Tilley <b...@16systems.com> wrote:
>> When ran against default OpenBSD servers that have Apache enabled,
>> vulnerability assessment software (Nessus, Rapid7, etc.) complain about
>> "browesable web directories". The concern is that someone may
>> accidentally place inappropriate files in the web directories that will
>> then be visible to others. Would it be a good idea to remove the Indexes
>> option from httpd.conf? Admins may enable the option later if they like:
>>
>> # cvs diff -Nup httpd.conf
>> Index: httpd.conf
>> ===================================================================
>> RCS file: /cvs/src/usr.sbin/httpd/conf/httpd.conf,v
>> retrieving revision 1.26
>> diff -N -u -p httpd.conf
>> --- httpd.conf 3 Jun 2009 18:28:21 -0000 1.26
>> +++ httpd.conf 12 Mar 2010 17:39:06 -0000
>> @@ -396,7 +396,7 @@ DocumentRoot "/var/www/htdocs"
>> # Note that "MultiViews" must be named *explicitly* --- "Options All"
>> # doesn't give it to you.
>> #
>> - Options Indexes FollowSymLinks
>> + Options FollowSymLinks
>>
>> #
>> # This controls which options the .htaccess files in directories can
>> @@ -601,7 +601,7 @@ CustomLog logs/access_log common
>> Alias /icons/ "/var/www/icons/"
>>
>> <Directory "/var/www/icons">
>> - Options Indexes MultiViews
>> + Options MultiViews
>> AllowOverride None
>> Order allow,deny
>> Allow from all
