1.1.3 Disable Directory Browsing

Information

Ensuring that directory browsing is disabled may reduce the probability of disclosing sensitive content that is inadvertently accessible via IIS.

Solution

Directory browsing can be configured through the UI, by running appcmd.exe commands, by editing configuration files directly, or by writing WMI scripts. To disable directory browsing at the server level using an appcmd.exe command:

    %systemroot%\system32\inetsrv\appcmd set config /section:directoryBrowse /enabled:false
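To verify the result, the following added example (not part of the benchmark or the original page) reads the effective directoryBrowse setting at the server level and, going beyond the server-level command above, for each site and application, since a site or application web.config can override the server setting where the section is not locked. It assumes the WebAdministration PowerShell module is available and the session is elevated; the helper name Get-DirectoryBrowseState is hypothetical.

```powershell
# Added example: audit the effective directoryBrowse setting on an IIS host.
# Assumptions: WebAdministration module is installed; session runs elevated.
Import-Module WebAdministration

$filter = 'system.webServer/directoryBrowse'

# Hypothetical helper: returns the effective 'enabled' value at one config path.
function Get-DirectoryBrowseState {
    param([string]$PSPath, [string]$Scope)
    $attr = Get-WebConfigurationProperty -PSPath $PSPath -Filter $filter -Name 'enabled'
    [pscustomobject]@{
        Scope   = $Scope
        Path    = $PSPath
        Enabled = [bool]$attr.Value
    }
}

$results = @()

# Server level (applicationHost.config), the scope the appcmd command changes.
$results += Get-DirectoryBrowseState -PSPath 'MACHINE/WEBROOT/APPHOST' -Scope 'Server'

# Sites and applications may carry their own override in web.config.
foreach ($site in Get-Website) {
    $results += Get-DirectoryBrowseState -PSPath "IIS:\Sites\$($site.Name)" -Scope 'Site'
    foreach ($app in Get-WebApplication -Site $site.Name) {
        # $app.Path begins with '/', so convert it to a provider path segment.
        $appPath = "IIS:\Sites\$($site.Name)$($app.Path -replace '/', '\')"
        $results += Get-DirectoryBrowseState -PSPath $appPath -Scope 'Application'
    }
}

$results | Format-Table -AutoSize

# Exit non-zero if any location still has directory browsing enabled.
$failing = @($results | Where-Object { $_.Enabled })
if ($failing.Count -gt 0) {
    Write-Warning "Directory browsing is enabled at $($failing.Count) location(s)."
    exit 1
}
Write-Output 'Directory browsing is disabled at every checked location.'
```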

See Also

https://benchmarks.cisecurity.org/tools2/iis/CIS_Microsoft_IIS_7_Benchmark_v1.7.1.pdf

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6

Plugin: Windows

Control ID: aff719bd996fd546e11554acbb301492adce4bbcb1b0ae3c1a93d184b793fbd4