How to Fix Directory Listing in Laravel

Scans for publicly accessible sensitive files (logs, .git).

What is Directory Exposure?

Directory listing allows visitors to browse files and folders on your server. This exposes your application structure and can reveal sensitive files.

Security Impact

Severity: Medium

  • File structure exposure
  • Discovery of sensitive files
  • Information gathering for attacks
  • Potential file downloads

How to Fix

Apache

# Disable directory listing
Options -Indexes

# Or in .htaccess
<IfModule mod_autoindex.c>
    Options -Indexes
</IfModule>

Nginx

# Nginx disables directory listing by default
# But ensure autoindex is off
autoindex off;

Verify Web Root

Ensure your web server's document root points to the application's public directory (Nginx syntax shown):

root /var/www/html/public;

Verification Steps

  1. Visit a directory URL (e.g., /storage/)
  2. The response should be a 404 or 403, not a file listing
  3. Test multiple directories
  4. Verify with a security scanner
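
The steps above can be scripted against your own deployment. The following is an added example, not part of the original page: the function names, the "review" verdict and the path list are assumptions, and a listing is recognised by the "Index of /" page title that Apache mod_autoindex and Nginx autoindex both generate.

```python
import re
import sys
import urllib.error
import urllib.request

# Apache mod_autoindex and Nginx autoindex both title generated pages "Index of /<path>".
LISTING_RE = re.compile(r"<title>\s*Index of /", re.IGNORECASE)

# Constructed sample bodies, modelled on the two servers' default listing pages.
SAMPLE_NGINX = ('<html><head><title>Index of /storage/</title></head><body>'
                '<h1>Index of /storage/</h1><hr><pre><a href="../">../</a></pre></body></html>')
SAMPLE_APACHE = ('<html>\n <head>\n  <title>Index of /storage</title>\n </head>\n'
                 ' <body>\n<h1>Index of /storage</h1></body></html>')


def classify(status, body):
    """Map one directory response to 'ok', 'listing' or 'review'."""
    if status in (403, 404):
        return "ok"          # step 2: the expected result
    if status == 200 and LISTING_RE.search(body):
        return "listing"     # the server generated a file listing
    return "review"          # anything else needs a manual look


def fetch(url, timeout=5.0):
    """Return (status, first 64 KiB of body); status 0 means no HTTP response."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions
        return err.code, ""
    except OSError:                        # DNS failure, refused connection, timeout
        return 0, ""


def check_site(base_url, paths):
    """Classify every path (step 3: test multiple directories)."""
    base = base_url.rstrip("/")
    return {p: classify(*fetch(base + p)) for p in paths}


if __name__ == "__main__":
    # Usage: python check_listing.py https://your-app.example /storage/ /storage/logs/
    results = check_site(sys.argv[1], sys.argv[2:] or ["/storage/"])
    for path, verdict in results.items():
        print(f"{verdict:8} {path}")
    sys.exit(1 if "listing" in results.values() else 0)
```

The script exits non-zero when any path returns a listing, so it can run as a post-deploy check.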

Related Issues

  • Sensitive Files
  • Exposed .env Files
