URL:
https://support.hedgehogsecurity.com/index.php/knowledge-base/article/browsable-web-directories
Submission: On December 14 via api from US — Scanned from GB
BROWSABLE WEB DIRECTORIES
Posted on 2023-06-21

This comprehensive remediation guide provides step-by-step instructions to address the Browsable Web Directories vulnerability on Windows IIS, nginx, and Apache2 servers. Learn how to disable directory browsing and implement access controls to protect sensitive information from unauthorized access and mitigate the risk of information leakage.

INTRODUCTION

The Browsable Web Directories vulnerability exposes your organization to the risk of unauthorized access and information leakage by inadvertently exposing directory listings on your web server. When directories are left in a "browsable" state, they allow unauthorized individuals to view and access files and directories, potentially leading to the disclosure of sensitive information and an increased attack surface. This remediation guide provides detailed instructions to mitigate the Browsable Web Directories vulnerability on Windows IIS, nginx, and Apache2 servers, safeguarding the confidentiality and integrity of your data.

REMEDIATION GUIDE

WINDOWS IIS SERVER

Disabling Directory Browsing:
a. Open the Internet Information Services (IIS) Manager.
b. Navigate to the target website or application.
c. In the Features View, double-click "Directory Browsing."
d. In the Actions pane, click "Disable" to turn off directory browsing.

Implementing Access Controls:
a. Set appropriate file and directory permissions to restrict access to sensitive information.
b. Utilize authentication mechanisms, such as Windows authentication or forms-based authentication, to limit access to authorized users.

NGINX SERVER

Disabling Directory Browsing:
a. Open the nginx configuration file using a text editor (e.g., nano, vi) located at /etc/nginx/nginx.conf or /etc/nginx/conf.d/default.conf.
b. Locate the "autoindex on;" directive and change it to "autoindex off;" to disable directory browsing.
c. Save and close the configuration file.

Implementing Access Controls:
a. Set appropriate file and directory permissions using the chmod command to restrict access to sensitive information.
b. Utilize authentication mechanisms, such as HTTP Basic Authentication or token-based authentication, to limit access to authorized users.

APACHE2 SERVER

Disabling Directory Browsing:
a. Open the Apache2 configuration file using a text editor located at /etc/apache2/apache2.conf or /etc/httpd/conf/httpd.conf.
b. Locate the "" directive for the target directory and remove or comment out the "Options Indexes" line to disable directory browsing.
c. Save and close the configuration file.

Implementing Access Controls:
a. Set appropriate file and directory permissions using the chmod command to restrict access to sensitive information.
b. Utilize authentication mechanisms, such as .htaccess with HTTP Basic Authentication or mod_authnz_external, to limit access to authorized users.
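As an added verification step for the nginx and Apache2 sections above (example code written for this page, not part of the Hedgehog Security article), the following Python script audits configuration text for the two settings the guide says to change, "autoindex on;" and "Options Indexes", and reports the nginx block or Apache container each live one sits in. It ignores commented-out lines and treats "-Indexes" as disabled; the config snippets inside it are constructed samples, not taken from any real server.

```python
import re

NGINX_AUTOINDEX = re.compile(r"^autoindex\s+(on|off)\s*;", re.I)   # nginx listing switch
APACHE_OPEN = re.compile(r"^<(\w+)([^>]*)>$")                    # e.g. <Directory /var/www>

def _strip(line):
    """Drop a '#' comment and whitespace; a commented-out directive is not live."""
    return line.split("#", 1)[0].strip()

def nginx_listing_enabled(text):
    """(line_no, block context, directive) for each live 'autoindex on;'."""
    stack, hits = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = _strip(raw)
        if line.endswith("{"):            # block header on its own line (one directive per line assumed)
            stack.append(line[:-1].strip())
        elif line == "}" and stack:       # leave http/server/location block
            stack.pop()
        elif (m := NGINX_AUTOINDEX.match(line)) and m.group(1).lower() == "on":
            hits.append((no, " > ".join(stack) or "main", line))
    return hits

def apache_listing_enabled(text):
    """(line_no, container context, directive) for each Options line enabling listings."""
    stack, hits = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = _strip(raw)
        if line.startswith("</") and stack:          # leave <Directory>/<Location>
            stack.pop()
        elif m := APACHE_OPEN.match(line):
            stack.append((m.group(1) + " " + m.group(2).strip()).strip())
        elif (tokens := line.split()) and tokens[0].lower() == "options":
            flags = {t.lower() for t in tokens[1:]}  # 'Indexes'/'+Indexes' enable, '-Indexes' disables
            if flags & {"indexes", "+indexes"}:
                hits.append((no, " > ".join(stack) or "server config", line))
    return hits

# Constructed sample configs for illustration, not taken from any real server.
NGINX_SAMPLE = """server {
    location /downloads/ {
        autoindex on;   # listing exposed here
    }
    # autoindex on;    # commented out: must not be reported
}"""
APACHE_SAMPLE = """<Directory /var/www/html>
    Options -Indexes +FollowSymLinks
</Directory>
<Directory /var/www/html/uploads>
    Options Indexes FollowSymLinks
</Directory>"""
```

Run the two functions over the text of your real configuration files (including any included conf.d or sites-enabled fragments) and fix every reported line as described in the steps above.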