passenger is listing all the public folder files

Hello everyone please ignore my noobness, this is very first time i am deploying RailsApp;

I have used apache and phussion passenger with rvm, here is my virtual host configurations that i added in apache2.conf,

Before this it was giving me forbidden access error 403, i googled and found that it is permissions issue so i run chmod -R 640 /root and after that it started listing my public folder files.

   LoadModule passenger_module /usr/local/rvm/gems/ruby-1.9.3-p194/gems/passenger-4.0.8/buildout/apache2/mod_passenger.so
   PassengerRoot /usr/local/rvm/gems/ruby-1.9.3-p194/gems/passenger-4.0.8
   PassengerDefaultRuby /usr/local/rvm/wrappers/ruby-1.9.3-p194/ruby

   <VirtualHost *:80>
      ServerName mydoctor
      # !!! Be sure to point DocumentRoot to 'public'!
      DocumentRoot /root/mydoctor/public    
      <Directory /root/mydoctor/public>
         # This relaxes Apache security settings.
         AllowOverride all
         # MultiViews must be turned off.
         Options -MultiViews
      </Directory>
   </VirtualHost>

Any suggestions please, much appreciated.

Thanks

Solution 1:

It is very strange to have a webroot in /root. Typically this folder, being root's home directory, is a folder used for things only root may have any access at all to; you may have created a security risk.

If you want to prevent directory listings from being shown, you should add the -Indexes option to your options directive for the directory (which is currently just -MultiViews).

You may also want to set a default document or something; otherwise instead of a directory listing you will just get a 403 Forbidden error.