Learn how to disable the server indexing of the "icons" directory in Apache.

Today I'll share with you an interesting detail of the apache web server that not everyone knows, otherwise, I wouldn't write about this. Apache comes by default with a lot of default stuff preconfigured, one of those things is the /icons alias. For example, if we are in our local environment with XAMPP, if you start the Apache service, you will be able to navigate to the following address http://localhost/icons/, where you will see a directory listing of all the icons that are at C:\xampp\apache\icons:

Apache Icons Alias

So what's the problem with this? Consider that you are now in a production environment, where the same alias exists. If you have a directory structure like the following one:

mywebsite/
├── icons/
│   └── customicon.png
└── index.html

If we request the customicon.png file at our website (https://example.com/icons/customicon.png), the request will always fail as the icon indeed, in our directory structure exists, but because of the Xampp ICONS alias, the customicon.png doesn't exist really at the apache icons directory (if you try however with one of the icons from the apache directory e.g https://example.com/icons/alert.black.gif, the request will work).  So, if your server uses Apache as the webserver and the alias exists, it's very probable that if you execute the following request https://yourwebsite/icons/alert.black.gif , you will receive an image as a response.

The solution for many would be to simply use another directory to store your own icons, like /icon instead of /icons. However, the proper solution to this would be to simply remove the icons alias of apache as nowadays, no one uses the apache icons.

Removing the alias of apache in XAMPP

The alias of apache for the icons directory is located in the C:\xampp\apache\conf\extra\httpd-autoindex.conf file. You will find around line #20 the instruction of the alias:

# We include the /icons/ alias for FancyIndexed directory listings.  If
# you do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "C:/xampp7411/apache/icons/"

<Directory "C:/xampp7411/apache/icons">
    Options Indexes MultiViews
    AllowOverride None
    Require all granted
</Directory>

Be sure to comment on all of it placing a number symbol on every line like this:

# We include the /icons/ alias for FancyIndexed directory listings.  If
# you do not use FancyIndexing, you may comment this out.
#
#Alias /icons/ "C:/xampp7411/apache/icons/"

#<Directory "C:/xampp7411/apache/icons">
#    Options Indexes MultiViews
#    AllowOverride None
#    Require all granted
#</Directory>

Save the changes in the file and restart apache through the XAMPP control panel. After that, the alias shouldn't exist anymore.

Removing the alias of apache in Plesk

If your server is powered by Plesk and you are in Ubuntu/Debian, the alias file is located in a different directory. Create a backup of the original file with the following command:

cp /etc/apache2/mods-available/alias.conf /etc/apache2/mods-available/alias.conf.bak

Then, all that you need to do is to edit the alias.conf file with the following command:

nano /etc/apache2/mods-available/alias.conf

You will find in the mentioned file the following lines:

Alias /icons/ "/usr/share/apache2/icons/"

<Directory "/usr/share/apache2/icons">
    Options FollowSymlinks
    AllowOverride None
    Require all granted
</Directory>

You need to comment them out placing a number symbol on every line like this:

#Alias /icons/ "/usr/share/apache2/icons/"

#<Directory "/usr/share/apache2/icons">
#    Options FollowSymlinks
#    AllowOverride None
#    Require all granted
#</Directory>

Save the changes in the file and then restart the apache service with the following command:

service apache2 reload

Removing the alias from apache in CentOS

In CentOS, the Apache service name is httpd instead of apache. So the file to edit in this case is in a different location as well:

nano /etc/httpd/conf/httpd.conf

You will find the following lines in there:

Alias /icons/ "/usr/share/httpd/icons/"

<Directory "/usr/share/httpd/icons/">
    Options FollowSymlinks
    AllowOverride None
    Require all granted
</Directory>

You need to comment them out as well:

#Alias /icons/ "/usr/share/httpd/icons/"

#<Directory "/usr/share/httpd/icons/">
#    Options FollowSymlinks
#    AllowOverride None
#    Require all granted
#</Directory>

Happy coding ❤️!


Senior Software Engineer at Software Medico. Interested in programming since he was 14 years old, Carlos is a self-taught programmer and founder and author of most of the articles at Our Code World.

Sponsors