• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Plesk is listing directory /usr/share/httpd/icons

Nilton Santos

Nilton Santos

Basic Pleskian
Hi everybody,

I noticed that all sites hosted on plesk servers are listing the contents of the folder /usr/share/httpd/icons when accessed through the link: http://domain.com/icons/
Even if the folder icons does not exist on site

Could someone please let me know if this behavior is normal, because We use a tool that is identifying this folder as unsafe.
 

Attachments

  • icons_list.png
    icons_list.png
    82.4 KB · Views: 16
Hi Nilton Santos,

could you pls. let us know, HOW you checked this behaviour? ( step-by-step, pls. ), so we could confirm your statement? And could you pls. name the "tool", that "We use a tool that is identifying this folder as unsafe" ?
 
Can't reproduce it on test Plesk servers. Need more details.
 
Hello Nilton,

Please check the following documentations:
https://kb.odin.com/en/130400
https://blog.cotten.io/why-is-apache-vulnerable-by-default-743eec222013#.d4d2urirj

Apache includes Fancy Indexes and the /icons folder has a specific override in /etc/httpd/conf.d/autoindex.conf

In my opinion to solve this problem you can choose between two alternatives as follows:

1- Resolving globally by editing the file /etc/httpd/conf.d/autoindex.conf

From:

# We include the /icons/ alias for FancyIndexed directory listings. If
# you do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "/usr/share/httpd/icons/"

<Directory "/usr/share/httpd/icons">
Options Indexes MultiViews FollowSymlinks
AllowOverride None
Require all granted
</Directory>


To:

# We include the /icons/ alias for FancyIndexed directory listings. If
# you do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "/usr/share/httpd/icons/"

<Directory "/usr/share/httpd/icons">
Options -Indexes MultiViews FollowSymlinks
AllowOverride None
Require all granted
</Directory>

Remember to restart apache

(Ref: https://blog.cotten.io/why-is-apache-vulnerable-by-default-743eec222013#.d4d2urirj)

2- By domain

Through the Plesk Panel go to:
Domains > domain.tld > Apache & nginx Settigs

<Directory "/usr/share/httpd/icons">
Options -Indexes
</Directory>


I hope it helps
 
Tanks everybody,

Question was solved add the follow option on Apache settings:

2- By domain

Through the Plesk Panel go to:
Domains > domain.tld > Apache & nginx Settigs

<Directory "/usr/share/httpd/icons">
Options -Indexes
</Directory>

Tanks a lot Rafael.
 
You must log in or register to reply here.

Similar threads

Oscar Segura
Issue Upgrading from Ubuntu 20.04 to 22.04: failed reboot
Replies
0
Views
937
Oscar Segura
Oscar Segura
VirtualHorror
Issue Plesk backup issue - taking too long to list files of a particular website
2
Replies
20
Views
3K
VirtualHorror
VirtualHorror
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
675
Lenny
Lenny
S
Question Icons not loading after AWS CDN enabled for WordPress website
Replies
1
Views
2K
afuego
afuego
Dennis Rahmen
Issue Kolab (Apheleia IT AG) extensions
Replies
8
Views
3K
drdna
D
Back
Top