Accessing a directory with mod_dir disabled should return a 404

Question

Accessing a directory with mod_dir disabled should return a 404

Opened this issue 8 years ago · 0 comments

Currently, accessing a directory with mod_dir disabled returns a 403. This is a security issue since while it doesn't allow to navigate directories, it still allows to deduce the directory structure of the website.

A forbidden directory listing should then be treated the same as an actual 404.