Security and privacy

Report page visible to web

 
Picture of Ken Task
Re: Report page visible to web
Particularly helpful Moodlers

Welcome.

It's not a "page" but an Apache setting that allows the web service to display the contents of a directory without a default index page .. like index.html or index.php (default.html or default.php on Windows platforms).

And, yes, one can find directories in Moodle code that don't have a default index.html file nor a default index.php in them.

Some consider that setting in Apache to be a security issue and not desired behavior they want their web server to exhibit.   Others not so much so.

If one knows how to use that, could be of benefit depending upon your view of security.

Please see:
https://wiki.apache.org/httpd/DirectoryListings

Real life usage ... I have a directory called 'docs' that I use to copy readme files from various open source apps installed on server.  I link directly to files there from a system Admin course(s) in moodles.   The directory itself would be served out, but I don't ewant Google to index .. instead, I link directly to files contained therein.

Don't mind sharing what that looks like:
https://sos.tcea.org/docs/
begets a "Yep!" page.  That's the index.html file.

https://sos.tcea.org/docs/solrreadme.txt
however, I can read the readme of solr via browser while I am working via command line on solr and have that readme as reference to revisit solr should I need to.
(that's an old solr readme BTW).

Now to protect that area further, I could use an .htaccess file there that would restrict access by IP address so that only my home connection IP would be granted access to anything in that directory. Note: that is also something else one should not use with Moodle unless you know what you are doing.

BTW, I use that server daily ... I do get a daily logwatch report ... and if I were to see too much poking and probing at the server I do have the ability to 'blackhole' an IP address or blocks of IP addresses from even seeing the server at the network level.  Linux is capable of being a router.

I have done that with that server.  There are certain IP's and blocks of IP's that can no longer see that server.

'spirit of sharing', Ken


 
Average of ratings: -