Facebook
Twitter
S
StuartA
Guest
Hi,
How do I turn off directory browsing for the plesk Admin?
if you goto
https://domain.com:8443/filemanager/?
it lists the contents of the filemanger directory from:
c:\program files\parallels\plesk\admin\htdocs\filemanager
I checked in IIS and directory browsing is unchecked.
but i can't find anywhere to turn this off!
it's a major security hole for PCI compliance..
from MacAfee:
Description
A directory listing was found which may be used to enumerate all the files in a directory.
More often than not, this is representative of unintentional information disclosure.
General Solution
If directory listing is not required, disable this feature.
Methods to disable directory listings vary with webserver software, however it is usually sufficient to include a blank file in the directory and name it index.html or whatever your webserver is configured to use for default pages.
If you're using Apache, another route is to include a .htaccess file in the directory with the following line:
Options -Indexes
Modifying IIS directory listing options is more complicated. Please refer to the link below for instructions on IIS 7.
However, in either case and with most other webservers, simply including a blank index.html in the directory is sufficient.
How do I turn off directory browsing for the plesk Admin?
if you goto
https://domain.com:8443/filemanager/?
it lists the contents of the filemanger directory from:
c:\program files\parallels\plesk\admin\htdocs\filemanager
I checked in IIS and directory browsing is unchecked.
but i can't find anywhere to turn this off!
it's a major security hole for PCI compliance..
from MacAfee:
Description
A directory listing was found which may be used to enumerate all the files in a directory.
More often than not, this is representative of unintentional information disclosure.
General Solution
If directory listing is not required, disable this feature.
Methods to disable directory listings vary with webserver software, however it is usually sufficient to include a blank file in the directory and name it index.html or whatever your webserver is configured to use for default pages.
If you're using Apache, another route is to include a .htaccess file in the directory with the following line:
Options -Indexes
Modifying IIS directory listing options is more complicated. Please refer to the link below for instructions on IIS 7.
However, in either case and with most other webservers, simply including a blank index.html in the directory is sufficient.