> Yes we are, while we are at it we can ship an http.conf file that wil > only listen on port 8000 on localhost when the daemon comes up as > well, and that would be super obscure as well, and it would only read > index files ending in .HolyFuck, and we'd ship a mime types > where HolyFuck was html, so people accidentally didn't put html files > in there without changing the mime types, etc etc. etc.
No, we are not. You're still talking about something else. Disabled Indexes: "Don't show the content of EVERY single folder" = Security First = Default => OpenBSD Suggesting disabling it is one of the most common security tips of Apache security articles/books, "20 ways to Secure your Apache Configuration", "Ten tips for securing Apache", and so on and so forth.. When directory browsing is enabled, users that browse to a directory that does not contain a default document are instead provided with a complete list of the contents of that directory. Google can (and will) index directories you do NOT want indexed: WordPress plugin dirs, your own custom web administration dirs, for instance. intitle:index.of "parent directory" - this query will return all web pages where directory listing is enabled and contains the keywords parent directory. Oh, but someone will still need it ON after all those risks? It seems like it wouldn't be that hard; httpd.conf: - Options FollowSymLinks + Options Indexes FollowSymLinks (Just like how you 'httpd -u' when you don't like a jailed Apache. It comes jailed/closed, you open it manually, if you wish) - Ozgur
