Web Server Security Setting to Hide File List

I was able to use duckdns subdomain to direct it to my dynamic IP of the router so it keeps tracking it , also I was able to secure with Lets encrypt the communication with my hosted openemr and I got the lock pad on the browser ( connection is only HTTPS, Only port 443 is open on my router and my ubuntu fire wall that hosts openemr) , however when I put https:// {my domain}/openemr/library…ALL the files are exposed …is that because it is an open source?, I thought that the demo server you have is different but on the demo server also all the files are exposed…does that poses any risk is there any possibility to have those files manipulated or accessed even if my connection is secured with HTTPS and I followed all the security recommendations on installing openemr in the wiki? or this is because it is an open source and it remain exposed?
I attached screen shot from my local and screen shot from the demo server

Its a setting in your web server. You have file listing turned on.

Thank you very much.
~$ sudo a2dismod - - force autoindex
did the trick
now I get 404 not found when trying to reach directory.

1 Like