Welcome! Log In Create A New Profile

Advanced

How to not 'expose' directory tree by default

Previous Message Next Message
Forum List Message List New Topic Print View
Jan-Philip Gehrcke
January 18, 2013 07:22AM
Hello,

error 403 means that the location exists and access is not allowed while
404 means that the location does not exist.

Based on this, with mostly default settings, it is (in theory) possible
to determine the directory structure below the document root via
guessing or dictionary attack. This may or may not be considered a
security risk (what do you think?).

I know that there are ways to make nginx return 404 for specific
locations, including directories. In am wondering, however, if there is
a neat approach making nginx return 404 generally for each directory that
- has not explicitly enabled autoindex and
- contains no 'index' file (HttpIndexModule)

Thanks,

Jan-Philip


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

How to not 'expose' directory tree by default

Jan-Philip Gehrcke January 18, 2013 07:22AM

Re: How to not 'expose' directory tree by default

Maxim Dounin January 20, 2013 07:56PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 230
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready