From 408cdb45e71341f31f03e41119bddcf57bc7c82a Mon Sep 17 00:00:00 2001
From: Yannick Warnier <ywarnier@beeznest.org>
Date: Tue, 8 Oct 2024 23:29:20 +0200
Subject: [PATCH] Security: Prevent directory indexing globally (no reason to
 enable it for web requests) - refs BT#22085

---
 .htaccess                             | 8 ++++++--
 documentation/installation_guide.html | 4 ++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/.htaccess b/.htaccess
index 3a3030f580..d61211eaa7 100755
--- a/.htaccess
+++ b/.htaccess
@@ -126,5 +126,9 @@ RedirectMatch 403 ^/main/inc/lib/javascript/bigupload/files
 </IfModule>
 
 <Files "web.config">
-    Require all denied
-</Files>
\ No newline at end of file
+  Require all denied
+</Files>
+
+<IfModule mod_autoindex.c>
+  Options -Indexes
+</IfModule>
\ No newline at end of file
diff --git a/documentation/installation_guide.html b/documentation/installation_guide.html
index 63919baa7f..0254b18856 100755
--- a/documentation/installation_guide.html
+++ b/documentation/installation_guide.html
@@ -773,6 +773,9 @@ If you have issues with files taking a long time to download, make sure you reco
   <Files "web.config">
     Require all denied
   </Files>
+  <IfModule mod_autoindex.c>
+    Options -Indexes
+  </IfModule>
     </pre>
 
     <h4>Special note on sharing questions between courses</h4>
@@ -872,6 +875,7 @@ If you have issues with files taking a long time to download, make sure you reco
     deny all;
     return 403;
   }
+  autoindex off;
     </pre>
 
     <h3>Apple on OS X servers</h3>