Why does Directory & File Exposure matter for Laravel security?

Failing to address directory & file exposure can leave your Laravel application vulnerable to attacks. StackShield continuously monitors for this issue so you can catch it before attackers do.

How do I fix a Directory & File Exposure issue?

This is rated as an easy fix, typically taking 5 minutes. See the full documentation above for step-by-step instructions.

How to Fix Directory Listing in Laravel

What This Check Detects

Scans for publicly accessible sensitive files (logs, .git).

Full Documentation

What is Directory Exposure?

Directory listing allows visitors to browse files and folders on your server. This exposes your application structure and can reveal sensitive files.

Security Impact

Severity: Medium

File structure exposure
Discovery of sensitive files
Information gathering for attacks
Potential file downloads

How to Fix

Apache

# Disable directory listing
Options -Indexes

# Or in .htaccess
<IfModule mod_autoindex.c>
    Options -Indexes
</IfModule>

Nginx

# Nginx disables directory listing by default
# But ensure autoindex is off
autoindex off;

Verify Web Root

Ensure your web server points to the public directory:

root /var/www/html/public;

Verification Steps

Visit a directory URL (e.g., /storage/)
Should return 404 or 403, not file listing
Test multiple directories
Verify with security scanner

Related Issues

Sensitive Files
Exposed .env Files

Related Security Checks

Exposed .env Files

Checks if .env files are publicly accessible.

Easy fix 5 minutes

Sensitive Laravel Files

Checks for exposed sensitive Laravel files (.git, logs, config).

Easy fix 10 minutes