UCF STIG Viewer Logo

Directory Browsing must be disabled on the production web server.


Overview

Finding ID Version Rule ID IA Controls Severity
V-25994 WA000-WI091 SV-32645r2_rule Low
Description
Directory browsing allows the contents of a directory to be displayed upon request from a web client. If directory browsing is enabled for a directory in IIS, users could receive a web page listing the contents of the directory. If directory browsing is enabled the risk of inadvertently disclosing sensitive content is increased.
STIG Date
IIS 7.0 WEB SERVER STIG 2017-12-21

Details

Check Text ( C-32869r1_chk )
1. Open the IIS Manager.
2. Click the Server.
3. Double-click the Directory Browsing icon.
4. Under the Actions Pane verify Directory Browsing is disabled. If not, this is a finding.
Fix Text (F-29021r1_fix)
1. Open the IIS Manager.
2. Click the Server.
3. Double-click the Directory Browsing icon.
4. Under the Actions Pane click Disabled.