pythonapache2flaskmod-wsgidirectory-browsing

How to disable directory browsing for a flask application hosted using apache mod_wsgi for CNAME access from a different domain


Something weird is happening with my flask application that I have hosted using apache mod_wsgi on Ubuntu. I have a virtualhost setup with my flask app imported to it. My virtualhost is present is /etc/apache2/sites-available/ and has been enabled. The file is this:

<VirtualHost *:80>
    ServerName domain1.com

    WSGIDaemonProcess app user=flask group=www-data threads=5 home=/var/www/app
    WSGIScriptAlias / /var/www/app/app.wsgi

    <Directory /var/www/app>
        WSGIProcessGroup app
        WSGIApplicationGroup %{GLOBAL}
        WSGIScriptReloading On
        Order deny,allow
        Allow from all
    </Directory>
</VirtualHost>

My application works perfectly fine when I access it using domain1.com. However, if I have a domain2.com with a CNAME record pointing to domain1.com, I can view the directories and files when domain2.com is accessed. Similarly, when I change the ServerName to domain2.com, the directory listing is visible from domain1.com.

I've been advised to edit the httpd.conf file and remove the Indexes entry or change it to -Indexes to turn off the directory browsing but the file is empty. I would like the app to work only from the domain specified in the ServerName and not from any other domain name pointing to it. Please advise.


Solution

  • The advice given is correct but I believe on Ubuntu the default virtual host is in /etc/apache2/apache2.conf or /etc/apache2/sites-available/default. what's happening is that because both domains resolve to the same ip, domain2 picks up the default Apache configuration because it doesn't have its own virtual host.

    You could also prevent this by moving the document root of domain1 to a different location but its a good idea to turn off the indexes in any case.