Disable Web Server Directory Listing

Depending on what is being stored inside the snapshot database it would be wise to disable the web server directory listing via .htaccess, this is typically disabled on most web servers upon installation but not all and could enable malicious users to grab a copies of the mysql snapshot file and I’ve found tons of sites with the file in plain view using a simple google search.

To disable directory listing inside Apache, please insert the following into the .htaccess file:

Options -Indexes

Even dropping a blank index file may do the trick, but I remember reading something back that index files could be bypassed to show directories, so i’d stick with disabling directory listing altogether who knows what other sensitive directories may be available…