Best Practice N°135 - Level 2 - Section security
Description
The server does not send back a list of files in a directory if there is no default page.
Objectives
This prevents users from gaining access to lists of files that are not listed in navigation menus.
Possible technical solutions:
Configure the web server so that it doesn't return lists of files in directories. In the case of Apache, this directive can be added to the .htaccess file: Options -Indexes
Control methods:
Check that a request to a directory without a default page (e.g. the image or style directories) doesn't return a list of the directory's contents.
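One way to automate this control, as an added example that is not part of the original best practice: the script requests each directory URL and flags responses that look like a server-generated index page. The "Index of /" marker patterns, the sample bodies and the script name are assumptions of this example.

```python
import re
import sys
import urllib.error
import urllib.request

# Assumption: Apache mod_autoindex and nginx autoindex both emit a page whose
# <title> and <h1> read "Index of /<path>"; extend the patterns for other servers.
TITLE = re.compile(r"<title>\s*Index of\s+/", re.IGNORECASE)
HEADING = re.compile(r"<h1>\s*Index of\s+/", re.IGNORECASE)

# Constructed sample bodies, used for offline checks.
SAMPLE_LISTING = (
    "<html><head><title>Index of /images</title></head><body>"
    "<h1>Index of /images</h1><a href=\"logo.png\">logo.png</a></body></html>"
)
SAMPLE_PAGE = "<html><head><title>Gallery</title></head><body><h1>Gallery</h1></body></html>"


def is_directory_listing(status, body):
    """Return True when a response looks like a server-generated file list."""
    if status != 200:
        return False  # 403 or 404 is the expected answer once listings are off
    return bool(TITLE.search(body) and HEADING.search(body))


def check_url(url, timeout=10.0):
    """Request a directory URL and report whether the server lists its files."""
    if not url.endswith("/"):
        raise ValueError("directory URL must end with '/': " + url)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", errors="replace")
            return is_directory_listing(resp.status, body)
    except urllib.error.HTTPError as err:
        return is_directory_listing(err.code, "")


if __name__ == "__main__":
    # Usage (hypothetical script name): python check_listing.py https://example.org/images/
    failures = [u for u in sys.argv[1:] if check_url(u)]
    for u in failures:
        print("FAIL: directory listing returned for", u)
    sys.exit(1 if failures else 0)
```

Run it against the site's own image, style and upload directories after each server configuration change; a non-zero exit status means at least one directory still returns a listing.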