IISW-SI-000231 - Directory Browsing on the IIS 8.5 website must be disabled.

Information

Directory browsing allows the contents of a directory to be displayed upon request from a web client. If directory browsing is enabled for a directory in IIS, users could receive a web page listing the contents of the directory. If directory browsing is enabled the risk of inadvertently disclosing sensitive content is increased.

Solution

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.

Click the Site.

Double-click the 'Directory Browsing' icon.

Under the 'Actions' pane click 'Disabled'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_8-5_Y23M10_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-10, CAT|II, CCI|CCI-001310, Rule-ID|SV-214470r879652_rule, STIG-ID|IISW-SI-000231, STIG-Legacy|SV-91525, STIG-Legacy|V-76829, Vuln-ID|V-214470

Plugin: Windows

Control ID: b27f411bbef5ef0f20dae2025491147154530075a51c0d35e6689413bc6b1411