Prevent Apache from serving .DS_Store files

May 30, '03 10:10:00AM

Contributed by: CJLinst

I was just looking at the directory listing in a shared web directory, and a .DS_Store file caught my eye. The default OS X httpd.conf allows these files to be served. This might be a security hole, particularly if directory listings are denied. One could inadvertently give prying eyes a glimpse of the files in the directory that one would rather not make public. To prevent this, /etc/httpd/httpd.conf should probably contain:

<Files .DS_Store>
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

Remember to restart Apache after making this change, either with the GUI tools or just by typing sudo apachectl graceful in the Terminal.
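
To confirm the rule is in place and see which directories it protects, the following added example (not part of the original hint) lists .DS_Store files under a web root and checks a config file for a Files or FilesMatch section that names DS_Store and denies access. The function names are hypothetical, the config check is a line-based heuristic rather than a full Apache parser, and "Require all denied" is the Apache 2.4 equivalent of the Order/Deny pair shown above.

```shell
#!/bin/sh
# Added example (not from the original hint): audit a web root and an Apache
# config for .DS_Store exposure. Both paths are supplied by the caller.

# List every .DS_Store file under a document root (one path per line).
find_ds_store() {
    find "$1" -type f -name '.DS_Store' 2>/dev/null
}

# Exit 0 if the config has a <Files>/<FilesMatch> section that names DS_Store
# and contains a deny rule: "Deny from all" (the syntax used in the hint) or
# "Require all denied" (Apache 2.4). Heuristic: line-based, ignores Include.
conf_blocks_ds_store() {
    awk '
        { line = tolower($0) }                 # directives are case-insensitive
        line ~ /^[ \t]*#/ { next }             # skip comment lines
        line ~ /^[ \t]*<files(match)?[ \t]/ { insec = (line ~ /ds_store/); next }
        line ~ /^[ \t]*<\/files(match)?>/   { insec = 0; next }
        insec && line ~ /deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Report for one docroot + config pair; non-zero when files are served.
audit() {
    docroot=$1 conf=$2
    if conf_blocks_ds_store "$conf"; then
        echo "OK: $conf denies .DS_Store"
        return 0
    fi
    files=$(find_ds_store "$docroot")
    if [ -n "$files" ]; then
        echo "EXPOSED: no deny rule in $conf; files present:"
        echo "$files"
        return 1
    fi
    echo "WARN: no deny rule in $conf (no .DS_Store files found right now)"
    return 0
}

# Usage: sh audit.sh <docroot> <httpd.conf>
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

Deleting the .DS_Store files that the script lists is a complement to the deny rule, since Finder recreates them whenever the folder is browsed again.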

Mac OS X Hints
http://hints.macworld.com/article.php?story=20030528144052271