What is open directory listing
By default, if a website does not include an index file in a directory it will display all files and allow for browsing. Depending on the files this can be harmless. However, websites often store backup files and sensitive information within a folder and so if directory listing is enabled an attacker may be able to stumble upon these.
Although it is often overlooked, directory listing can easily be disabled by making use of a .htaccess file and using the following instruction.
ErrorDocument 403 /index.php
So, what exactly is happening here? The first line Options -Indexes is simply restricting access to directories. Should an attacker try to access a directory they will be displayed a 403 forbidden page. The following line ErrorDocument 403 /index.php informs the webserver to redirect to the root index file should a 403 error be displayed.
Notice something not quite right? That's fine we're not perfect. Why not make a suggestion on our community forum, you should be able to see the correct formatting below.
Still need help?
Are you having trouble using arctil? Why not try reaching out to our Community Forum.
Alternatively, you can try contacting us through the Contact page.