---
title: Disable Directory Browsing
impact: LOW
impactDescription: prevents information disclosure of file structure and contents
tags: security, information-disclosure, configuration
---

## Disable Directory Browsing

Ensure your web server (Nginx/Apache) or application does not allow users to list the contents of directories.

**Incorrect (enabled):**

```nginx
# nginx configuration
autoindex on;
```

**Correct (disabled):**

```nginx
# nginx configuration
autoindex off;

# Rails application - do not serve static files via index listing
# Ensure public/ directory does not have index.html leading to directory list
```

**Tools:** Manual Review, Security scanner
---