- Prevent the display of lists of files contained in a directory.
- improve the server’s security.
- Reduce the risk of intrusion.
Configure the server so that it does not return the listing of files found in a directory. For Apache, add for example
options –indexes in the
For each audited site:
- Check that the call to a directory without a default page - such as the directory of images, JS scripts or style sheets - does not return the listing of the contents of this folder (this action can however lead to an error page or to a redirect).