Outdated TYPO3 Version
This documentation refers to an outdated TYPO3 version - either select a supported version or make sure to use a TYPO3 Extended Long Term Support (ELTS) version to continue getting security updates.
Depending on the operating system and distribution, the default configuration of Apache allows the indexing of directories. This enables search engines to index your file structure and possibly reveals sensitive data. The screenshot below shows an example of such data that can be retrieved with a simple HTTP request.
In this case only the list of extensions is revealed, but more sensitive data can be found easily. The Apache configuration allows you to enable or disable the indexing of directories by the “Options” directive as shown in the following example:
<Directory /path/to/your/webroot/> Options Indexes FollowSymLinks </Directory>
By removing the “Indexes” option, Apache does not show the list of files and directories. Please note that the “Options” directive can be used in several containers (e.g. <VirtualHost>, <Directory>, <Location>, etc.). The correct configuration could look like the following example:
<Directory /path/to/your/webroot/> Options FollowSymLinks </Directory>
If your specific website requires directory indexing at other places outside TYPO3, you should consider to deactivate this option in general but explicitly allow indexing for the required directories only.
Other web servers such as Microsoft Internet Services (IIS) allow similar configurations. See your web server’s manual for further details on how to disable directory indexing.