Directory browsing is disabled by default in Microsoft's IIS server so that users cannot see the contents (files/folders) present in directories. For security purpose, you should keep the directory browsing disabled. If necessary, enable it only for particular directory that you wish to allow.
Below are easy steps to disable directory browsing/listing in Microsoft's IIS server.
From User Interface:
1. Open IIS Manager and select the level you want to manage.
2. In Features View, double-click Directory Browsing.
3. In the Actions pane, click Disable if the Directory Browsing feature is enabled.
From Command Line:
1. Open command prompt with administrative privileges.
2. Navigate to C:\Windows\System32\inetsrv
3. To disable the directory browsing at server level, use the following syntax:
appcmd set config /section:directoryBrowse /enabled:false
To disable directory browsing at site level, type following command and press enter:
appcmd set config ["SITE_NAME"]/section:system.webServer/directoryBrowse /enabled:false
The enabled attribute is set to true if that directory browsing is ON.
The enabled attribute is set to false if that directory browsing is OFF.
e.g. To disable directory browsing at server level, type following command and press enter:
appcmd set config /section:directoryBrowse /enabled:false
e.g. To disable directory browsing at site level, type following command and press enter:
appcmd set config "www.shopping.info/sales" /section:system.webServer/directoryBrowse /enabled:false
If you have any issues, leave your comments below.. :)
0 comments:
Post a Comment