I suppose this is more of a house keeping question, but here it goes.
If I create a backup file of my
index.html.bak, is it possible that someone from the outside using
http on my apache2 server is able to list the contents of my
/var/www directory? I currently know no method of doing this, but this could be due to my lack of experience in this area. Should I store files that need not to be in view somewhere else?
Currently, the only feasible way I can think that someone might discover the file is if there was an explicit link somewhere pointing to the file. How visible is my web directory?
If you specify
Options -Indexes for the
Directory in question, then Apache will not generate a directory listing. However, if someone guesses the filename they could still access it if the operating system allows the web server to access the file.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.