---
title: Disable Directory Browsing
impact: MEDIUM
impactDescription: prevents file enumeration
tags: directory, listing, file-exposure, security
---

## Disable Directory Browsing

Directory listing exposes file structure and potentially sensitive files.

**Incorrect (directory listing enabled):**

```go
// http.FileServer enables directory listing by default 
// if index.html is missing.
http.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("./public"))))
```

**Correct (directory listing disabled):**

```go
type neuteredFileSystem struct {
    fs http.FileSystem
}

func (nfs neuteredFileSystem) Open(path string) (http.File(f), error) {
    f, err := nfs.fs.Open(path)
    if err != nil {
        return nil, err
    }

    s, err := f.Stat()
    if s.IsDir() {
        index := filepath.Join(path, "index.html")
        if _, err := nfs.fs.Open(index); err != nil {
            closeErr := f.Close()
            if closeErr != nil {
                return nil, closeErr
            }
            return nil, err
        }
    }

    return f, nil
}

// Usage
fs := neuteredFileSystem{http.Dir("./public")}
http.Handle("/static/", http.StripPrefix("/static/", http.FileServer(fs)))
```

**Tools:** Web server configuration, Custom `FileSystem` implementation
