Ok I think I fixed it now (thanks to your reply about indexing). But I'll explain what I found out, maybe it can also help others. After all I changed my apache2.conf.
But when opening /uploads/ and /uploads/tickets/ I saw a blank/white page with nothing on it. And also I was able to directly open *.pdf
That was with my original apache2 config setting at /etc/apache2/apache2.conf:
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
With this config, DirBuster is indeed able to scan folders and files.
Now i changed the config to this:
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<Directory /var/www/redacted.address.nl/uploads>
Require all denied
</Directory>
Restarted Apache sudo systemctl restart apache2
Now when I visit /uploads/ and /uploads/tickets/ I get an error message (Forbidden). Also when i try to open a pdf attachement without being logged in I see "Forbidden". When I'm logged in, I can open the attachment.
Hope this helps. I any questions, pleas ask π
Thanks for your help
