Directory Indexing (DI) vulnerability

What is a DI and how to prevent it?

Directory Indexing (also called Directory Browsing or Listing) consists in allowing visitors to access indexes.

Test for free the Directory Indexing Request a demo

14 days Free trial

No Commitment

What is a Directory Indexing vulnerability ?

Thus the user can view and download the content of a directory located on a server.

The danger comes from the total access the attacker may have to all the files present in the architecture of our web application. Users may access to informations, they usually can't get, such as configuration files. These ones contain information about the database or other third-party services used by the application, so it should not be exposed on the internet.

How to protect yourself against Directory Indexing vulnerabilities ?

The solution to this problem lies in the server. Just tell the web server not to list the directories. To do this, you must change the Apache configuration file and add the "Options -Indexes" option. You can also add this option in a ".htaccess" file, however you would rather change the configuration file directly.

Example :

If you work on a Nginx server you must add the following lines in the configuration file:
location /{YOUR DIRECTORY} { autoindex off; }

Discover our online tools to avoid or detect the Top 10 OWASP vulnerabilities

Security

Avoid being hacked!

Integrity

Watch for any changes!

Cyber Vigilance

Data leaks? Be warned!

Monitoring

Site unavailable? Be alerted!

Free Trial Request a demo

How to detect TOP 10 OWASP vulnerabilities?

Detect security flaws on your website or web application thanks to the Web Vulnerability Scanner of HTTPCS. This online security tool allows you to detect any flaws you have (top 10 OWASP, CVE and other vulnerabilities implemented in the robot) to ensure the best protection of your site on a daily basis. Easily schedule automated audits, discover your vulnerabilities and find out what patches to apply to avoid being hacked.