StackShield

Directory & File Exposure

Easy

Scans for publicly accessible sensitive files (logs, .git).

Estimated fix time: 5 minutes

What is Directory Exposure?

Directory listing allows visitors to browse files and folders on your server. This exposes your application structure and can reveal sensitive files.

Security Impact

Severity: Medium

  • File structure exposure
  • Discovery of sensitive files
  • Information gathering for attacks
  • Potential file downloads

How to Fix

Apache

# Disable directory listing
Options -Indexes

# Or in .htaccess
<IfModule mod_autoindex.c>
    Options -Indexes
</IfModule>

Nginx

# Nginx disables directory listing by default
# But ensure autoindex is off
autoindex off;

Verify Web Root

Ensure your web server points to the public directory:

root /var/www/html/public;

Verification Steps

  1. Visit a directory URL (e.g., /storage/)
  2. Should return 404 or 403, not file listing
  3. Test multiple directories
  4. Verify with security scanner
  • Sensitive Files
  • Exposed .env Files

Automatically detect this issue

StackShield can automatically scan your Laravel application for this security issue and alert you when it's detected.

Start Free Trial
Was this guide helpful?

Related Security Issues

Exposed .env Files

Checks if .env files are publicly accessible.

Easy

Sensitive Laravel Files

Checks for exposed sensitive Laravel files (.git, logs, config).

Easy