Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.By index.php with the following contents in every directory, directory browsing is disabled without depending on specific http server configuration.
http://www.site.tld/ should probably be replaced by a variable that contain the site name as provided in the installation
/* Redirect to the base page, effectively disable directory contents listing */
header('Location: http://www.site.tld/');
| Comment | File | Size | Author |
|---|---|---|---|
| index.php.txt | 136 bytes | JPL-1 |
Comments
Comment #1
JPL-1 commentedin response to http://drupal.org/node/244642
Comment #2
VinceW commentedLS,
After taking over maintainership of this module (see: #507278: Request to take over ownership of Security) I'm cleaning up the issue queue.
I won't fix this issue because it's outside the scope of the project (which is analyzing the site and reporting the Security Information) and not applying security patches for core or modules.
If on the other hand one could come up with something to inform the security.module of this risk, your welcome to open a feature request :-)
Best,
VinceW
-=[ Your Information Matters ]=-