
What is Apache autoindex and should I disable it?


I have a 3rd party client who did a PCI scan on their site. The report returned this:

web server autoindex enabled

What is this and is it safe to disable it? Does anyone know the safest way to disable it, and how I can check it has been disabled?


Solution

  • autoindex generates directory indexes, automatically, similar to the Unix ls command or the Win32 dir shell command. From:

    http://httpd.apache.org/docs/2.2/mod/mod_autoindex.html

    You'd comment out the line in your conf/http.conf that references mod_autoindex, and restart/reload the service.

    The only reason you'd want this is if you want people browsing your web directories (e.g., stripping off a resource, and navigating to the parent dir).
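
One way to check that the change took effect, as an added example that is not part of the original answer: the script below scans an httpd config file for active directives that still allow directory listings. It goes slightly beyond the answer by also flagging `Options Indexes`, which turns listings on per directory; the function names and the sample config are constructed for illustration.

```shell
# Added example: report active (uncommented) httpd directives that keep
# directory listings available. Works on config text, so it runs offline.

# Print "LINE_NO: directive" for each active line that loads mod_autoindex
# or turns on the Indexes option. Comments and "-Indexes" are ignored.
autoindex_findings() {
    awk '
        /^[ \t]*#/ { next }                  # skip commented-out lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            lower = tolower(line)            # directives are case-insensitive
        }
        lower ~ /^loadmodule[ \t]+autoindex_module([ \t]|$)/ {
            print NR ": " line; next
        }
        lower ~ /^options[ \t]/ {
            n = split(lower, tok, /[ \t]+/)
            for (i = 2; i <= n; i++)
                if (tok[i] == "indexes" || tok[i] == "+indexes") {
                    print NR ": " line; break
                }
        }
    ' "$1"
}

# Exit status 0 when nothing enables listings, 1 otherwise.
autoindex_disabled() {
    [ -z "$(autoindex_findings "$1")" ]
}

# Constructed sample config (not taken from the page).
write_sample_conf() {
    cat > "$1" <<'EOF'
# LoadModule autoindex_module modules/mod_autoindex.so
LoadModule autoindex_module modules/mod_autoindex.so
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/private">
    Options -Indexes +FollowSymLinks
</Directory>
EOF
}

conf=$(mktemp); write_sample_conf "$conf"
autoindex_findings "$conf"   # prints lines 2 and 4 of the sample
rm -f "$conf"
```

On a running server, `apachectl -M` lists the loaded modules, so `autoindex_module` should be absent from its output after the restart. A request for a directory that has no index file should then no longer return an "Index of" listing.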