Accessing a directory with mod_dir disabled should return a 404
Opened this issue · 0 comments
Schlipak commented
Currently, accessing a directory with mod_dir
disabled returns a 403. This is a security issue since while it doesn't allow to navigate directories, it still allows to deduce the directory structure of the website.
A forbidden directory listing should then be treated the same as an actual 404.