How to disable the default document root in Apache?

security apache-2.2 httpd.conf documentroot

Thanks for the other answers. I solved it by adding a default virtual host without any permissions. The global DocumentRoot and ServerName options must match the ones specified in the virtual host.

/etc/httpd/conf/httpd.conf

...
ServerName <server-ip>:80

DocumentRoot "/var/www/html"

<Directory />
    Order Deny,Allow
    Deny from all
    Options None
    AllowOverride None
</Directory>
...

/etc/httpd/conf.d/default.conf

<VirtualHost *:80>
        ServerName <server-ip>
        DocumentRoot /var/www/html
</VirtualHost>

This way, I get a 403 Forbidden message when the server is accessed by it's ip directly, which is exactly what I wanted. It would be even better if I wouldn't need /var/www/html an existing directory for that, but Apache complains if I specify something like /dev/null instead.


Yes and No.

You can comment out or remove the DocumentRoot directive, no problem. But that doesn't achieve much, because then it will default to the default directory PREFIX/htdocs/ where PREFIX is set when you build apache.

When you have VirtualHosts set up all requests that are not handled by an explicitly configured virtual host get handled by the default virtualhost (which is typically the first one, but httpd -S will tell you).

Related

Windows 10: AD Domain Admin with missing rights?
Can you run Fiber between two different types of switches?
What next after a Windows domain account has been compromised?
Linux goes to swap while plenty of RAM installed
What is the best (free) tool to wrap an .exe into a MSI?
Tough Choice: Xen or KVM
Good low power server/pc for firewall? [closed]
Encrypted Remote Backups via Rsync?
Activating Windows 7: KMS vs. MAK
VMware ESXi - vSphere - Can't exit VM console access
What does the "@" sign mean in ls -l output?
List supported terminal types?