enterprise-support team mailing list archive

Thread
Date

[Question #708558]: link in default index.html should be HTTPS

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Chris Murray <question708558@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 28 Nov 2023 02:05:38 -0000
Reply-to: question708558@xxxxxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

New question #708558 on apache2 in Ubuntu:
https://answers.launchpad.net/ubuntu/+source/apache2/+question/708558

Hi folks,

When running the Hardenize (https://www.hardenize.com) tool against my web server, it picked up that on the default Apache2 web page (located at /var/www/html/index.html) has an insecure link. Upon further investigation,  it's the "Document Roots" section, where it says "By default, Ubuntu does not allow access through the web browser to any file outside of those located in /var/www, public_html directories (when enabled) and /usr/share (for web applications)."; public_html is a link to the apache docs page for mod_userdir (https://httpd.apache.org/docs/2.4/mod/mod_userdir.html) but it's being serverd as a http:// link. IMO this should be updated to be https. Should a bug be filed against the ubuntu package, the debian package, or directly against apache?



All the best,

Chris 8-)

-- 
You received this question notification because your team Ubuntu
Server/Client Support Team is an answer contact for apache2 in Ubuntu.