IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2

Disabling directory browsing

You can choose not to enable the directory traversal option in the IBM® HTTP Server httpd.conf configuration file on the web server.

About this task

If the remote IBM HTTP Server administrator permissions are granted in the WebSphere® Application Server, you can also edit httpd.conf from the administrative console. For deployments with multiple web servers, you must apply the same change on each web server.

Procedure

  1. Log on to the WebSphere Administrative Console.
  2. Click Servers > Server Types > Web servers.
  3. Choose the Web server.
  4. In Additional Properties, click Configuration File.
  5. Locate the following Options directive with the Indexes parameter. 
     Options Indexes FollowSymLinks
  6. Replace the Indexes parameter with -Indexes. 
     Options -Indexes FollowSymLinks
  7. Click OK.
  8. In the messages box, click Save.
  9. Restart the IBM HTTP Server.
Parent topic: Configuring a secure deployment

Feedback