A customer of ours had an issue with some paths like theirwebsite.com\/images returning a 200 OK, and although the page was completely blank, and exposed no information it was detected as a positive indicator of exposed data, because of the 200 OK.<\/p>\n
more detail: https:\/\/community.qualys.com\/thread\/16746-qid-150004-path-based-vulnerability<\/a><\/p>\n Actually in this case it was a ‘whitescreen’, or just a blank index page, to prevent the Options +indexes in the apache httpd configuration showing the images path. You probably don’t want this and can just set your Option indexes.<\/p>\n Change from:<\/p>\n Change to: <\/p>\n This explicitly forbids, but older versions of apache2 might need this written as:<\/p>\n To prevent an attack on .htaccess you could also add this to httpd.conf to ensure the httpd.conf is enforced and takes precedence over any hacker or user that adds indexing incorrectly\/mistakenly\/wrongly;<\/p>\n Simple enough.<\/p>\n","protected":false},"excerpt":{"rendered":" A customer of ours had an issue with some paths like theirwebsite.com\/images returning a 200 OK, and although the page was completely blank, and exposed no information it was detected as a positive indicator of exposed data, because of the … Continue reading \r\nOptions +Indexes\r\n# in older versions it may be defined as\r\nOptions Indexes\r\n<\/pre>\n
\r\nOptions -Indexes\r\n<\/pre>\n
\r\nOptions Indexes\r\n<\/pre>\n
\r\n<Directory \/>\r\n Options FollowSymLinks\r\n AllowOverride None\r\n<\/Directory>\r\n<\/pre>\n