Best practice No 135 - Security - LevelLevel 2

Français
Accessibility
Go to content
Site map
Contact us
Recherche

Homepage
Best practices
Providers
The project
FAQ
Declarations
My-Opquast

You are here: : Homepage > Best practices > Sheet N^o135

Previous sheet
Next sheet

Best Practice N°135- LevelLevel 2- Section security

Description

The server does not send back a list of files in a directory if there is no default page.

Objectives

This prevents users from gaining access to lists of files that are not listed in navigation menus.

Possible technical solutions:

Configure the web server so that it doesn’t return lists of files in directories. In the case of Apache this can be added to the .htaccess file. Options-indexes

Control methods:

Check the the request to a directory without a default page (eg: the image of style directories) doesn’t return a list of the content of the directory.

Put these Best Practices to use.

Opquast is a service provided by Temesis. The Opquast Best Practices are elaborated in the Opquast Workshop(FR).

License
Privacy policy
Legal notices
Partners
My-Opquast terms and conditions