Difference between revisions of "Disabling Apache directory browsing"

m (Bot: automated text replacement (-==Reference materials== +==References==))
 
(22 intermediate revisions by 2 users not shown)
Previous revision (wikitext):

;how to disable directory browsing in apache
;Disabling Apache directory browsing

==Method==
*In [[httpd.conf]], remove the Directory section for /var/www/html

;Before
<source lang='autoconf'>
... (omitted)
#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
#  Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important.  Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
     Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#  Options FileInfo AuthConfig Limit
#
     AllowOverride None
#
# Controls who can get stuff from this server.
#
     Order allow,deny
     Allow from all
... (omitted)
</source>

;After
<source lang='autoconf'>
... (omitted)
#
# This should be changed to whatever you set DocumentRoot to.
#
#<Directory "/var/www/html">

#
# Possible values for the Options directive are "None", "All",
# or any combination of:
#  Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important.  Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
#    Options Indexes FollowSymLinks

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
#
#    AllowOverride None

#
# Controls who can get stuff from this server.
#
#    Order allow,deny
#    Allow from all

#</Directory>
... (omitted)
</source>
:→ Instead of commenting the lines out, you can also delete them.

;Restart Apache
<source lang='dos'>
[root@jmnote ~]# service httpd restart
Stopping httpd:                                            [ OK  ]
Starting httpd:                                            [ OK  ]
</source>

==Reference materials==
*http://www.linuxscrew.com/2008/06/03/faq-how-to-disable-directory-browsing-in-apachehttpd/

[[Category: Apache]]
Latest revision as of 01:22, 19 July 2017 (Wed)

how to disable directory browsing in apache
Disabling Apache directory browsing
Hiding the file list of an Apache directory
Apache directory security settings

1 Problem

  • Create a browsing_test folder and a greet.txt file inside it
root@zetawiki:~# mkdir /var/www/html/browsing_test
root@zetawiki:~# touch /var/www/html/browsing_test/greet.txt
  • Request the browsing_test folder and check whether greet.txt is listed
root@zetawiki:~# curl 'http://localhost/browsing_test/' -s | grep greet
<tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="greet.txt">greet.txt</a></td><td align="right">2015-12-07 00:56  </td><td align="right">  0 </td><td>&nbsp;</td></tr>
→ The file is listed. This can be a security weakness.

2 Solution (CentOS)

  • Check httpd.conf
[root@zetawiki ~]# cat /etc/httpd/conf/httpd.conf | egrep -v "^[[:space:]]*$" | grep -v ^# | grep '<Directory "/var/www/html">' -A4
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  • Make a copy of httpd.conf and remove the Indexes option
[root@zetawiki ~]# cp -a /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.old
[root@zetawiki ~]# sed -i 's/Options Indexes FollowSymLinks/Options FollowSymLinks/g' /etc/httpd/conf/httpd.conf
[root@zetawiki ~]# diff /etc/httpd/conf/httpd.conf.old /etc/httpd/conf/httpd.conf
332c332
<     Options Indexes FollowSymLinks
---
>     Options FollowSymLinks
  • Restart Apache
[root@zetawiki ~]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
  • Verification 2
[root@zetawiki ~]# curl 'http://localhost/static/' -s | head -7
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /static/
on this server.</p>
→ Accessing the directory now returns a 403 error

3 Solution (Ubuntu)

  • Check apache2.conf
root@zetawiki:~# cat /etc/apache2/apache2.conf | grep 'Directory /var/www/' -A4
<Directory /var/www/>
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>
  • Make a copy and edit
root@zetawiki:~# cp -ai /etc/apache2/apache2.conf /etc/apache2/apache2.conf.old
root@zetawiki:~# vi /etc/apache2/apache2.conf
... (omitted)
<Directory /var/www/>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>
  • Check the changes
root@zetawiki:~# diff /etc/apache2/apache2.conf.old /etc/apache2/apache2.conf
165c165
< 	Options Indexes FollowSymLinks
---
> 	Options FollowSymLinks
  • Restart Apache and verify
root@zetawiki:~# apachectl restart
root@zetawiki:~# curl 'http://localhost/browsing_test/' -s | grep greet
root@zetawiki:~# curl 'http://localhost/browsing_test/' -s
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /browsing_test/
on this server.</p>
</body></html>
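
An added example, not part of the original wiki page: the sed command above rewrites only the exact string `Options Indexes FollowSymLinks`, so this script lists every active `Options` line that still enables listings (`Indexes`, `+Indexes`, or `All`, which includes Indexes). The sample config and the function names `sample_conf`, `page_fix` and `find_indexes` are constructed for illustration.

```shell
# Added example: list active "Options" lines that leave directory listings on.

# Constructed sample config (not from a real server).
sample_conf() {
cat <<'EOF'
# Options Indexes FollowSymLinks
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory /var/www/files>
    Options +Indexes
</Directory>
<Directory /srv/app>
    Options All
</Directory>
<Directory /srv/private>
    Options -Indexes +FollowSymLinks
</Directory>
EOF
}

# The sed substitution from the page, applied to stdin instead of in place.
page_fix() { sed 's/Options Indexes FollowSymLinks/Options FollowSymLinks/g'; }

# Reads a config on stdin and prints LINE:SECTION:DIRECTIVE for each finding.
find_indexes() {
    awk '
    BEGIN { sect = "(server)" }
    /^[ \t]*#/ { next }                      # commented-out lines are inactive
    /^[ \t]*<Directory[ \t]/ {               # remember the enclosing section
        sect = $0
        sub(/^[ \t]*<Directory[ \t]+/, "", sect)
        sub(/>[ \t]*$/, "", sect); gsub(/"/, "", sect); next
    }
    /^[ \t]*<\/Directory>/ { sect = "(server)"; next }
    tolower($1) == "options" {
        for (i = 2; i <= NF; i++) {
            opt = tolower($i)                # Apache option names ignore case
            # Indexes, +Indexes and All (which includes Indexes) enable listings
            if (opt == "indexes" || opt == "+indexes" || opt == "all") {
                line = $0; sub(/^[ \t]+/, "", line)
                print NR ":" sect ":" line; break
            }
        }
    }'
}

echo "before:"; sample_conf | find_indexes
echo "after page_fix:"; sample_conf | page_fix | find_indexes
```

To audit a real file, run `find_indexes < /etc/httpd/conf/httpd.conf` (or `/etc/apache2/apache2.conf`); files pulled in by `Include` need the same check.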

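4 See also

  • httpd.conf
  • Hiding the Apache version
  • Linux html2text

5 References

  • http://www.linuxscrew.com/2008/06/03/faq-how-to-disable-directory-browsing-in-apachehttpd/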
