Best practices securing HTTP/HTTPS (continued)...


Configuration

FollowSymLinks          This directive is enabled by default, so be careful where you create symbolic links to in the document root of the Web server. For instance, it is a bad idea to provide a symbolic link to /.

The Indexes Directive  This directive is enabled by default, but may not be desirable. If you do not want users to browse files on the server, it is best to remove this directive.

The UserDir Directive  The UserDir directive is disabled by default because it can confirm the presence of a user account on the system. If you wish to enable user directory browsing on the server, use the following directives:

UserDir enabled 
UserDir disabled root

These directives activate user directory browsing for all user directories other than /root. If you wish to add users to the list of disabled accounts, add a space delimited list of users on the UserDir disabled line.