URL: https://support.hedgehogsecurity.com/index.php/knowledge-base/article/browsable-web-directories
BROWSABLE WEB DIRECTORIES

Posted on 2023-06-21

This comprehensive remediation guide provides step-by-step instructions to
address the Browsable Web Directories vulnerability on Windows IIS, nginx, and
Apache2 servers. Learn how to disable directory browsing and implement access
controls to protect sensitive information from unauthorized access and mitigate
the risk of information leakage.


INTRODUCTION

The Browsable Web Directories vulnerability puts your organization at risk of
unauthorized access and information leakage by inadvertently serving directory
listings from your web server. When directories are left in a "browsable"
state, anyone who requests them can view and retrieve the files and
subdirectories they contain, potentially disclosing sensitive information and
increasing the attack surface. This remediation guide provides detailed
instructions to mitigate the Browsable Web Directories vulnerability on Windows
IIS, nginx, and Apache2 servers, safeguarding the confidentiality and integrity
of your data.
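
To confirm that a fix actually took effect, it helps to recognise a directory listing by the markup the server emits rather than by eye. The following Python script is an added example (not code from the article or from Hedgehog Security): it classifies HTTP responses captured from your own IIS, nginx or Apache servers by the stock listing page markers each one produces. The sample response bodies, paths and function names are constructed for this example.

```python
import re

# Markers of the stock directory-listing pages each server family produces.
# Apache mod_autoindex and nginx autoindex both title the page "Index of /...";
# IIS directory browsing titles it "<host> - /path/" and adds a
# "[To Parent Directory]" link on every listing except the site root.
_LISTING_SIGNATURES = {
    "apache_or_nginx": re.compile(r"<title>\s*Index of /", re.IGNORECASE),
    "iis": re.compile(
        r"\[To Parent Directory\]|<title>[^<]+ - /[^<]*/</title>", re.IGNORECASE
    ),
}


def classify_listing(status, body):
    """Return the server family whose listing signature matches, else None.

    Only a 200 response can be a listing; a 403 from a server with directory
    browsing disabled is the expected, safe outcome.
    """
    if status != 200:
        return None
    for family, signature in _LISTING_SIGNATURES.items():
        if signature.search(body):
            return family
    return None


def find_listings(responses):
    """Given (path, status, body) tuples, return the paths that served a listing."""
    findings = []
    for path, status, body in responses:
        family = classify_listing(status, body)
        if family is not None:
            findings.append((path, family))
    return findings


# Constructed sample responses, modelled on the stock listing pages.
NGINX_LISTING = (
    "<html>\n<head><title>Index of /uploads/</title></head>\n<body>\n"
    '<h1>Index of /uploads/</h1><hr><pre><a href="../">../</a>\n'
    '<a href="backup.sql">backup.sql</a>   21-Jun-2023 09:12   48213\n'
    "</pre><hr></body>\n</html>\n"
)
IIS_LISTING = (
    "<html><head><title>localhost - /images/</title></head>"
    "<body><H1>localhost - /images/</H1><hr>\n\n<pre>"
    '<A HREF="/">[To Parent Directory]</A><br><br>'
    ' 6/21/2023  9:12 AM   48213 <A HREF="/images/old.zip">old.zip</A><br>'
    "</pre><hr></body></html>"
)
NORMAL_PAGE = "<html><head><title>Uploads</title></head><body><p>Hello</p></body></html>"
FORBIDDEN_PAGE = "<html><head><title>403 Forbidden</title></head><body>Forbidden</body></html>"

SAMPLE_RESPONSES = [
    ("/", 200, NORMAL_PAGE),
    ("/uploads/", 200, NGINX_LISTING),
    ("/images/", 200, IIS_LISTING),
    ("/private/", 403, FORBIDDEN_PAGE),
]

if __name__ == "__main__":
    for path, family in find_listings(SAMPLE_RESPONSES):
        print(f"directory listing served at {path} ({family})")
```

Feed `find_listings` the responses for the directories you remediated; after the fix each should come back as a 403 or 404 (or as the site's own index page) and produce no finding. The signatures only cover the servers' default listing templates, so a customised listing template or a framework that renders its own file browser needs its own marker.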


REMEDIATION GUIDE

WINDOWS IIS SERVER

Disabling Directory Browsing:
    a. Open the Internet Information Services (IIS) Manager.
    b. Navigate to the target website or application.
    c. In the Features View, double-click "Directory Browsing."
    d. In the Actions pane, click "Disable" to turn off directory browsing.

Implementing Access Controls:
    a. Set appropriate file and directory permissions to restrict access to
sensitive information.
    b. Utilize authentication mechanisms, such as Windows authentication or
forms-based authentication, to limit access to authorized users.


NGINX SERVER

Disabling Directory Browsing:
    a. Open the nginx configuration file using a text editor (e.g., nano, vi)
located at /etc/nginx/nginx.conf or /etc/nginx/conf.d/default.conf.
    b. Locate the "autoindex on;" directive and change it to "autoindex off;" to
disable directory browsing.
    c. Save and close the configuration file.

Implementing Access Controls:
    a. Set appropriate file and directory permissions using the chmod command to
restrict access to sensitive information.
    b. Utilize authentication mechanisms, such as HTTP Basic Authentication or
token-based authentication, to limit access to authorized users.


APACHE2 SERVER

Disabling Directory Browsing:
    a. Open the Apache2 configuration file using a text editor located at
/etc/apache2/apache2.conf or /etc/httpd/conf/httpd.conf.
    b. Locate the <Directory> directive for the target directory and remove or
comment out the "Options Indexes" line to disable directory browsing.
    c. Save and close the configuration file.

Implementing Access Controls:
    a. Set appropriate file and directory permissions using the chmod command to
restrict access to sensitive information.
    b. Utilize authentication mechanisms, such as .htaccess with HTTP Basic
Authentication or mod_authnz_external, to limit access to authorized users.
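
As an added example covering the IIS, nginx and Apache steps above (not code from the article or from Hedgehog Security), the Python script below audits configuration text for the settings the guide tells you to change: the `directoryBrowse` element IIS stores under `system.webServer` in web.config, nginx `autoindex on;` directives, and Apache `Options` lines that enable `Indexes`. The sample configurations are constructed, with the weak setting beside the corrected one, and the function names are mine.

```python
import re
import xml.etree.ElementTree as ET


def iis_directory_browsing(web_config_xml):
    """Read system.webServer/directoryBrowse from a web.config.

    Returns True (enabled), False (disabled) or None when the element is
    absent, in which case the setting is inherited from applicationHost.config
    and must be checked there.
    """
    root = ET.fromstring(web_config_xml)
    state = None
    for node in root.iter("directoryBrowse"):
        state = node.get("enabled", "false").strip().lower() == "true"
    return state


def _strip_comment(line):
    """Drop a trailing '#' comment; both nginx and Apache use '#'."""
    return line.split("#", 1)[0]


def nginx_autoindex_lines(config_text):
    """1-based line numbers where 'autoindex on;' is set, comments ignored.

    autoindex defaults to off, so a clean configuration has no 'autoindex on;'
    at all; the directive may sit in any included file.
    """
    pattern = re.compile(r"^\s*autoindex\s+on\s*;")
    return [
        n for n, line in enumerate(config_text.splitlines(), 1)
        if pattern.match(_strip_comment(line))
    ]


def apache_indexes_lines(config_text):
    """1-based line numbers of Options directives that enable Indexes.

    'Options Indexes', 'Options +Indexes' and 'Options All' enable listings;
    'Options -Indexes' and 'Options None' do not.
    """
    pattern = re.compile(r"^\s*Options\s+(.*)$", re.IGNORECASE)
    hits = []
    for n, line in enumerate(config_text.splitlines(), 1):
        match = pattern.match(_strip_comment(line))
        if match and any(
            token.lower() in ("indexes", "+indexes", "all")
            for token in match.group(1).split()
        ):
            hits.append(n)
    return hits


# Constructed sample configurations: "_BAD" carries the weak setting,
# "_FIXED" the corrected one.
IIS_BAD = """\
<configuration>
  <system.webServer>
    <directoryBrowse enabled="true" />
  </system.webServer>
</configuration>
"""
IIS_FIXED = IIS_BAD.replace('enabled="true"', 'enabled="false"')
IIS_INHERITED = "<configuration><system.webServer /></configuration>"

NGINX_BAD = """\
server {
    listen 80;
    root /var/www/html;
    location /uploads/ {
        autoindex on;   # serves a file list for every request to /uploads/
    }
}
"""
NGINX_FIXED = """\
server {
    listen 80;
    root /var/www/html;
    location /uploads/ {
        # autoindex on;   previous setting, kept only as a comment
        autoindex off;
    }
}
"""

APACHE_BAD = """\
<Directory /var/www/html/uploads>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
"""
APACHE_FIXED = APACHE_BAD.replace(
    "Options Indexes FollowSymLinks", "Options -Indexes +FollowSymLinks"
)

if __name__ == "__main__":
    print("IIS web.config:", iis_directory_browsing(IIS_BAD), iis_directory_browsing(IIS_FIXED))
    print("nginx autoindex on at lines:", nginx_autoindex_lines(NGINX_BAD), nginx_autoindex_lines(NGINX_FIXED))
    print("Apache Indexes at lines:", apache_indexes_lines(APACHE_BAD), apache_indexes_lines(APACHE_FIXED))
```

Two caveats when running this against real servers. For nginx, audit the full merged configuration (`nginx -T` prints every included file) rather than nginx.conf alone, and remember that a file with no `autoindex` directive at all is already safe because the default is off. For Apache, `Options` may also be set from an `.htaccess` file wherever `AllowOverride Options` (or `All`) is in force, so include those files in the audit, and check the result with `apachectl -t` (or `nginx -t`) before reloading the service.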
