Apache configuration

Ensure the filestore is not browseable by disabling indexing

This can be done by either disabling the autoindex module:

sudo a2dismod --force autoindex
systemctl restart apache2

Or by setting the directory's options directive

sudo nano /etc/apache2/apache2.conf

Adding in -Indexes to the web directory location

<Directory /var/www/resourcespace>
    Options -Indexes
</Directory>

The following locations don't need to be accessed from a web browser:

  • /batch
  • /include
  • /upgrade
  • /languages
  • /tests

This can be achieved by editing the apache .conf file, e.g:

<Directory /var/www/resourcespace/batch>
        Require all denied
</Directory>

Or by adding a .htaccess file to the directory with the following contents:

Deny from all

Block access to all .svn files

Add the folowing to your apache .conf file:

<Directorymatch "^/.*/\.svn/">
      Order 'deny,allow'
      Deny from all
</Directorymatch>