Disable Directory Listing in IIS
Solution 1
You need to disable directory browsing from IIS or from the web.config
<configuration>
<location path="Secured">
<system.webServer>
<directoryBrowse enabled="false" />
</system.webServer>
</location>
</configuration>
this entry above applies to IIS 7+, for IIS 6 you'll have to do it from IIS Manager
Solution 2
There are 2 ways using which you can disable the Directory Listing: This has been tested & works for IIS 10.
1. Web.config
<configuration>
<system.webServer>
<directoryBrowse enabled="false" /> <!--this line will disable directory browsing-->
</system.webServer>
</configuration>
2. IIS
Go to Internet Information Services(IIS) and look for the Directory Browser option. Select it and on the right corner you see an option Open Feature. Click on it and it will take you to another tab. Now select Disable and you see that the browsing has been disabled.
Related videos on Youtube
04 : 33
06 : 48
08 : 00
05 : 41
01 : 57
![How to disable directory listing in WordPress [updated method]](https://i.ytimg.com/vi/mnrEofNjAAA/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLDym4cXOB7RbPLYNNQtDD99N-Kqpw)
02 : 55
02 : 29
08 : 27
Comments
-
Tapas Bose almost 2 years
In my web application all the .aspx pages resides in Pages directory. The project structure is shown below:
The Home.aspx is set as Start Page and the Web.config file of the Pages folder contains:
<configuration> <location path="Secured"> <system.web> <authorization> <deny users="?"/> <allow users="*"/> </authorization> </system.web> </location> </configuration>And the main Web.config has:
<authentication mode="Forms"> <forms loginUrl="~/Pages/Login.aspx" timeout="2880" defaultUrl="~/Pages/Secured/Home.aspx" /> </authentication>So when the application launches it redirects to the Login page with the URL:
http://localhost:2453/Pages/Login.aspx?ReturnUrl=%2fPages%2fSecured%2fHome.aspx
Now if I delete the
Login.aspx?ReturnUrl=%2fPages%2fSecured%2fHome.aspx
from that URL and press enter it is taking me to the Directory Listing:
What I want that it will again send me to the Login page located at
How can I achieve this? Your help be appreciated.
Thanks.
The localhost:
-
Tapas Bose about 12 yearsThanks for reply. If I navigate to localhost as in the above image it is showing IIS7. But in Start->Control Panel->Administrative Tools I can see there are two Internet Information Services Managers. One is Internet Information Services (IIS) 6.0 Managers and another Internet Information (IIS) Services Managers. I am unable to understand whether or not I am running in IIS7. Also I am executing the application from Visual Studio. I have tried your code both in main Web.config and in Web.config of Pages. But none of them is working. How can I disable it from IIS6 Manager?
-
scartag about 12 years@Tapas Bose currently your app is running on Asp.net development server (Cassini). You may have to configure it to run on IIS by going to the project properties > Web tab and setting it to IIS and creating a virtual directory
-
Tapas Bose about 12 yearsI have added your code in main Web.config and have changed the properties to use Local IIS server and now I am getting HTTP Error 403.14 - Forbidden error message if I try to browse localhost/EMSApplication.Web/Pages. This will help to protect the website. But isn't there any way to redirect again in Login page? Thanks for your help.
-
scartag about 12 years@TapasBose maybe you should put a default page on that folder (Default.aspx) a 403.14 means it can't load any default doc and from your screenshots i can see you don't have a default document.
