Webserver changes

Traditionally our webservers have allowed indexing by default. This behavior can result in unintentional information leaks. We have disabled the default behavior though you can re-enable it for your own site if you desire. Instructions can be found in our Wiki at <https://wiki.sonic.net/wiki/Directory_Indexes>

-System Operations

3 comments for “Webserver changes

  1. A very interesting change, indeed.
    I do not currently host any of web sites at Sonic.net, but you are my primary provider.

    I most strongly suggest that you:
    1. Not make such changes without prior notice.
    2. Provide considerably more discussion of the issue to educate us dumb users.

    I’m in Maui, HI now, at relative peace.
    Have fun at my site http://MauiCat.com/

    Aloha, Jeffrey

  2. Could you explain this change, please?

    What unintentional information leaks may have occurred?
    What are the benefits of indexing?

    Thanks,
    Glen

  3. Indexing means the server will display files in a directory when there is no index file to read. i.e. what you can see at http://mirrors.sonic.net/

    If there are files in the directory with sensitive information and the index file is removed or there is no index file such as in a sub directory of a website that is also not controlled by an .htaccess file those could have been potentially read by others.

    Indexing can be beneficial in situations where you want the files to be read/viewable such as the mirrors example above. I hope this helps explain.

Leave a Reply

Your email address will not be published.

*