Directory Indexing (also called Directory Browsing or Directory Listing) occurs when a web server lets visitors access the index of a directory.
Thus the user can view and download the content of a directory located on a server.
The danger comes from the total access an attacker may gain to all the files present in the architecture of the web application. Users may reach information they normally cannot get, such as configuration files. These files contain information about the database or other third-party services used by the application, so they should not be exposed on the internet.
The solution to this problem lies in the server: tell the web server not to list directories. On Apache, change the configuration file and add the "Options -Indexes" option. You can also add this option in a ".htaccess" file, but changing the configuration file directly is preferable.
If you work on an Nginx server, you must add the following lines to the configuration file:
location /{YOUR DIRECTORY} {
    autoindex off;
}
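To check existing configuration for the two settings described above, the following added example (not part of the original page) flags Apache `Options` lines that enable `Indexes` and Nginx `autoindex on;` lines. The function names and sample configs are constructed for illustration, and the check reads one file line by line; it does not model how Apache merges `Options` across nested sections or included files.

```python
import re

# Constructed sample configs (not from the page), embedded so this runs offline.
APACHE_SAMPLE = """\
<Directory /var/www/html>
    Options Indexes FollowSymLinks
</Directory>
<Directory /var/www/html/uploads>
    Options -Indexes
</Directory>
# Options +Indexes
<Directory /var/www/html/static>
    Options All
</Directory>
"""
NGINX_SAMPLE = """\
location /files {
    autoindex on;
}
location /private {
    autoindex off;
}
"""

OPTIONS_RE = re.compile(r"^\s*Options\s+(.+)$", re.IGNORECASE)
AUTOINDEX_RE = re.compile(r"^\s*autoindex\s+on\s*;", re.IGNORECASE)


def apache_listing_lines(text):
    """Return (line_no, line) for Options directives that turn Indexes on."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = OPTIONS_RE.match(line.split("#", 1)[0])  # skip commented-out lines
        if not m:
            continue
        tokens = [t.lower() for t in m.group(1).split()]
        # "Indexes", "+Indexes" and "All" enable listing; "-Indexes" does not.
        if any(t in ("indexes", "+indexes", "all") for t in tokens):
            hits.append((no, line.strip()))
    return hits


def nginx_listing_lines(text):
    """Return (line_no, line) for every active 'autoindex on;' directive."""
    return [(no, line.strip())
            for no, line in enumerate(text.splitlines(), 1)
            if AUTOINDEX_RE.match(line.split("#", 1)[0])]


if __name__ == "__main__":
    for no, line in apache_listing_lines(APACHE_SAMPLE):
        print(f"apache line {no}: {line}")
    for no, line in nginx_listing_lines(NGINX_SAMPLE):
        print(f"nginx line {no}: {line}")
```

Each reported line is a place to apply "Options -Indexes" or "autoindex off;" as described above.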
Detect security flaws on your website or web application thanks to the Web Vulnerability Scanner of HTTPCS. This online security tool allows you to detect any flaws you have (top 10 OWASP, CVE and other vulnerabilities implemented in the robot) to ensure the best protection of your site on a daily basis. Easily schedule automated audits, discover your vulnerabilities and find out what patches to apply to avoid being hacked.