Not sure where this should be posted, I think we should *warn* new webmasters that by default, their sites will display an index of the files in a folder if there is no index page stored there. I was surprised, I consider it a substantial security risk. Of course I may have a folder or two that I'd like to have auto-indexed, but I think security should be the default, convenience the explicit choice, in this case.
I have set the folders I have to "no index", but presumably I will need to fix each new folder I make, since I can't set that as the site default (as far as I know). Also, the feature seems to be limited to changing one folder at a time. It would be nice if CPanel would add the ability to "apply this to all subfolders" so I could do it in one shot.
It appears that the www folder was set up "no index" by default. I wondered if the assumption was that if you want a secure site you serve only out of www, and if so, do subfolders there automatically get "no index" status unless overridden?
At some point, it looks like I will need to read a good book about using cpanel if I want to apply best practices to my website.
I have set the folders I have to "no index", but presumably I will need to fix each new folder I make, since I can't set that as the site default (as far as I know). Also, the feature seems to be limited to changing one folder at a time. It would be nice if CPanel would add the ability to "apply this to all subfolders" so I could do it in one shot.
It appears that the www folder was set up "no index" by default. I wondered if the assumption was that if you want a secure site you serve only out of www, and if so, do subfolders there automatically get "no index" status unless overridden?
At some point, it looks like I will need to read a good book about using cpanel if I want to apply best practices to my website.