Apache: Disabling Directory Indexes

One of the features of Apache that can cause security issues (or at least those who audit security issues may complain about it) is the ability to produce a file listing of a directory if there is no index page in place.

This can be turned off by removing the Apache option “Indexes”; search the Apache configuration directory (assumed to be /etc/apache2) for a file containing that word :-

# find . -type f -exec grep -li Indexes {} \;
./sites-available/observium.iso.port.ac.uk.conf
./sites-available/nss.eps.is.port.ac.uk.conf
./mods-available/autoindex.conf
./mods-available/userdir.conf

Check each file for an active Indexes option :-

Options Indexes FollowSymLinks

And remove the “Indexes”.

Restart Apache in the usual way (apachectl configtest and if that comes back Okay, then apachectl graceful).
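The grep search above lists every file that mentions the word, including commented-out lines and “Options -Indexes”, so each hit still has to be read by hand. The script below is an added example, not part of the original post, that reports only active Options lines which enable listings. It goes slightly beyond the post by also flagging “Options All”, which includes Indexes; the sample file names and contents are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report only active Options
# directives that enable listings. Assumption: config dir is $1 (default /etc/apache2).
find_active_indexes() {
    dir="${1:-/etc/apache2}"
    find "$dir" -type f -exec awk '
        /^[ \t]*#/ { next }                      # commented-out lines are inactive
        tolower($1) == "options" {
            for (i = 2; i <= NF; i++) {
                o = tolower($i)
                # Indexes, +Indexes and All switch listings on; -Indexes does not
                if (o == "indexes" || o == "+indexes" || o == "all" || o == "+all") {
                    sub(/^[ \t]+/, "")
                    printf "%s:%d:%s\n", FILENAME, FNR, $0
                    break
                }
            }
        }
    ' {} +
}

# Constructed sample tree (hypothetical file names and contents) for a dry run.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/sites-available" "$d/mods-available"
    cat > "$d/sites-available/example.conf" <<'EOF'
<Directory /var/www/>
    Options Indexes FollowSymLinks
    DirectoryIndex index.html
</Directory>
<Directory /var/www/private>
    Options -Indexes +FollowSymLinks
</Directory>
EOF
    cat > "$d/mods-available/autoindex.conf" <<'EOF'
# Options Indexes appears only in this comment
IndexOptions FancyIndexing
EOF
    cat > "$d/mods-available/legacy.conf" <<'EOF'
<Directory /srv/files>
    options All
</Directory>
EOF
    echo "$d"
}

sample=$(make_sample)
find_active_indexes "$sample"   # flags example.conf line 2 and legacy.conf line 2
rm -rf "$sample"
```

Run it against the real tree with find_active_indexes /etc/apache2; an empty result means no active Options line in that tree enables listings.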
