Monday, June 16, 2014

How to Disable Directory Listings in IIS/Apache

/ by  / with No comments /

The easiest way to disable directory listing is to create an index file. The name of the index file depends on the web server configuration. On Apache is called index.htm, index.html. On IIS is named default.asp, default.aspx, default.htm.
  • On IIS directory listings are disabled by default.
  • For Apache you need to edit the Apache configuration file (usually named httpd.conf) or create an .htaccess file. In the configuration file you will have the definition of the directory. Something like

Options Indexes FollowSymLinks
...
 
To disable directory listing for that directory you need to remove the ’Indexes’ option.

Reference
http://www.acunetix.com/blog/web-security-zone/directory-listing-information-disclosure/

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)