![]() ![]() They assume that if there are no public links to files in a directory, nobody can access them. Many web server administrators still follow the concept of security through obscurity. Why do web server administrators turn directory listing on? ![]() However, if the index file did not exist and directory listing was enabled, the web server would instead return the contents of a directory, like a file manager. To start with an example, when a user types in the browser address bar without specifying a file name in the URL (such as index.html, index.php, index.htm, or default.asp), the web server processes this request, returns the index HTML file for that directory (in this case, the /learn/ directory), and the web browser displays the web page. It is dangerous to leave it enabled because it leads to information disclosure.ĭisable directory listing in web server configuration ![]() This function should always be turned off. When enabled, it displays the contents of a directory that has no index file. Directory listing What is a directory listing vulnerability?ĭirectory listing is a web server function that can cause a vulnerability. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |