diff options
Diffstat (limited to 'doc/user/application_security/dast/checks/548.1.md')
| -rw-r--r-- | doc/user/application_security/dast/checks/548.1.md | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/doc/user/application_security/dast/checks/548.1.md b/doc/user/application_security/dast/checks/548.1.md index 94f747739c5..d6371c5491d 100644 --- a/doc/user/application_security/dast/checks/548.1.md +++ b/doc/user/application_security/dast/checks/548.1.md @@ -8,8 +8,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w ## Description -The target web server is configured to list the contents of directories that do not contain an index file -such as `index.html`. This could lead to accidental exposure of sensitive information, or give an attacker +The target web server is configured to list the contents of directories that do not contain an index file +such as `index.html`. This could lead to accidental exposure of sensitive information, or give an attacker details on how filenames and directories are structured and stored. ## Remediation @@ -17,11 +17,11 @@ details on how filenames and directories are structured and stored. Directory indexing should be disabled. Apache: -For Apache based web sites, ensure all `<Directory>` definitions have `Options -Indexes` configured in the +For Apache based web sites, ensure all `<Directory>` definitions have `Options -Indexes` configured in the `apache2.conf` or `httpd.conf` configuration file. NGINX: -For NGINX based websites, ensure all `location` definitions have the `autoindex off` directive set in the +For NGINX based websites, ensure all `location` definitions have the `autoindex off` directive set in the `nginx.conf` file. IIS: |