1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

How Do I turn off directory browsing for the plesk Admin?

Discussion in 'Plesk 9.x for Windows Suggestions and Feedback' started by StuartA, Jun 10, 2010.

  1. StuartA

    StuartA Guest

    0
     
    Hi,

    How do I turn off directory browsing for the plesk Admin?

    if you goto

    https://domain.com:8443/filemanager/?


    it lists the contents of the filemanger directory from:

    c:\program files\parallels\plesk\admin\htdocs\filemanager


    I checked in IIS and directory browsing is unchecked.

    but i can't find anywhere to turn this off!


    it's a major security hole for PCI compliance..

    from MacAfee:


    Description
    A directory listing was found which may be used to enumerate all the files in a directory.

    More often than not, this is representative of unintentional information disclosure.


    General Solution
    If directory listing is not required, disable this feature.

    Methods to disable directory listings vary with webserver software, however it is usually sufficient to include a blank file in the directory and name it index.html or whatever your webserver is configured to use for default pages.

    If you're using Apache, another route is to include a .htaccess file in the directory with the following line:
    Options -Indexes


    Modifying IIS directory listing options is more complicated. Please refer to the link below for instructions on IIS 7.

    However, in either case and with most other webservers, simply including a blank index.html in the directory is sufficient.
     
Loading...